VYPR

npm package

replicator

pkg:npm/replicator

Vulnerabilities (2)

  • CVE-2026-2265MedApr 1, 2026
    affected <= 1.0.5

    An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input and execute the resulting object.

  • CVE-2021-33420Dec 15, 2022
    affected < 1.0.4fixed 1.0.4

    A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.