Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package jsonpath, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2026-1615 — CVSS 9.8 (critical): Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path…