@orval/mcp 7.13.2 | Vulnerabilities | Sonatype Guide
Published: Oct 7, 2025
Developer Trust Score: N/A
Overview
Versions: 46
Vulnerabilities: 1
Dependencies: 1
Severity: Critical (1), High (0), Medium (0), Low (0)
CVE-2026-22785 (CVSS score: 9.8)
orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. This vulnerability is fixed in 7.18.0.
affected
Severity: Critical
Published: Jan 13, 2026