npm/@evomap/evolver — 3 CVEs

CRITICAL9.8CVE-2026-42076Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

from 0, < 1.69.3

HIGH8.1CVE-2026-42075Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write

from 0, < 1.69.3

MEDIUM5.2CVE-2026-42077Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations

from 0, < 1.69.3

pkg:npm/@evomap/evolver