VYPR

npm package

valibot

pkg:npm/valibot

Vulnerabilities (1)

  • CVE-2025-66020HigNov 26, 2025
    affected >= 0.31.0, < 1.2.0fixed 1.2.0

    Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to