VYPR

Pacote

by Lumiverse

Source repositories

CVEs (1)

  • CVE-2026-9496HigMay 26, 2026
    risk 0.49cvss 7.5epss 0.00

    Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and…