VIR Vulnerability Intelligence Relay

Package impact

npm npm / @evomap/evolver

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42076 critical 9.8 9.8 24d ago Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
CVE-2026-42075 high 8.1 8.1 24d ago Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
CVE-2026-42077 medium 5.2 5.2 24d ago Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations