Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package jpv, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2020-17479 — CVSS 9.8 (critical): jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
CVE-2019-19507 — CVSS 5.3 (medium): In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten…