
Orval-Labs Orval vulnerabilities

3 known vulnerabilities affecting orval-labs/orval.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3

Vulnerabilities

CVE-2026-24132
  Severity: CRITICAL (P2), CVSS 9.8
  Weakness: CWE-77
  Affected: >= 8.0.0-rc.0, < 8.0.3; fixed in 7.20.0
  Date: 2026-01-23
  Source: NVD
  Description: Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema properties. These const values are interpolated int

CVE-2026-23947
  Severity: CRITICAL (P2), CVSS 9.8
  Weakness: CWE-77
  Affected: >= 7.19.0, < 7.21.0; >= 8.0.0, < 8.2.0
  Date: 2026-01-20
  Source: NVD
  Description: Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a different code path in @orval/core that was not address

CVE-2026-22785
  Severity: CRITICAL (P2), CVSS 9.8
  Weakness: CWE-77
  Affected: >= 8.0.0-rc.0, < 8.0.2; fixed in 7.19.0
  Date: 2026-01-12
  Source: NVD
  Description: orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal