VYPR

npm package

diff

pkg:npm/diff

Vulnerabilities (1)

  • CVE-2026-24001Jan 22, 2026
    affected >= 6.0.0, < 8.0.3fixed 8.0.3

    jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\r`, `\u2028`, or `\u2029` can cause the `parsePatch` method to enter an infinite loop.