VYPR

npm package

@trpc/server

pkg:npm/%40trpc/server

Vulnerabilities (2)

  • CVE-2025-68130HigDec 16, 2025
    affected >= 10.27.0, < 10.45.3fixed 10.45.3

    tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` function, which is used by the

  • CVE-2025-43855HigApr 24, 2025
    affected >= 11.0.0, < 11.1.1fixed 11.1.1

    tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthentic