pkg:npm/jsonpath
2 total CVEsCRITICAL1
✅ Check your installed version
All known vulnerabilities
CRITICAL9.8CVE-2026-1615jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions from 0, < 1.3.0
—CVE-2025-61140JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js from 0, < 1.2.0