jsonpath
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting jsonpathpage 1 of 1
- CVE-2025-61140CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.2.02026-01-28
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
- CVE-2026-1615CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.3.02026-02-09
Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not de…
Check whether jsonpath is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for jsonpath CVEs against the assets you own.
Start Free Scan →