VIR Vulnerability Intelligence Relay

Package impact

npm npm / @evomap/evolver

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42076 critical 9.8 9.8 24d ago Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution npm
CVE-2026-42075 high 8.1 8.1 24d ago Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write npm