VYPR

npm package

telejson

pkg:npm/telejson

Vulnerabilities (1)

  • CVE-2026-47099 | Med | May 20, 2026
    affected < 6.0.0 | fixed 6.0.0

    TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse() function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious _constructor-name_ property value. The custom reviver passes t