VYPR

npm package

cloudinary

pkg:npm/cloudinary

Vulnerabilities (1)

  • CVE-2025-12613HigNov 10, 2025
    affected < 2.7.0fixed 2.7.0

    Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such a