VIR Vulnerability Intelligence Relay

Package impact

npm npm / @evomap/evolver

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42076 critical 9.8 9.8 24d ago Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution npm
CVE-2026-42077 medium 5.2 5.2 24d ago Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations npm