VYPR

npm package

jsonpath

pkg:npm/jsonpath

Vulnerabilities (2)

  • CVE-2026-1615CriFeb 9, 2026
    affected < 1.3.0fixed 1.3.0

    Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. A

  • CVE-2025-61140Jan 28, 2026
    affected < 1.2.0fixed 1.2.0

    The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.