Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package devalue, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2025-57820: Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__…
CVE-2026-22774 — CVSS 7.5 (high): Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to…
CVE-2026-22775 — CVSS 7.5 (high): Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to…
CVE-2026-30226 — CVSS 7.5 (high): Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue…
CVE-2026-42570 — CVSS 7.5 (high): Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version…