VYPR

npm package

eventsource-encoder

pkg:npm/eventsource-encoder

Vulnerabilities (1)

  • CVE-2026-44214MedMay 26, 2026
    affected < 1.0.2fixed 1.0.2

    eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them. An attacker who controls either field can inject arbitrar