Name: Orval
Author: Orval

🔍 What is Orval?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2026-25141

CRITICAL CVSS 9.8 Jan 30, 2026

This CVE describes a code injection vulnerability in Orval, a tool that generates TypeScript clients from OpenAPI/Swagger specifications. The incomplete fix for CVE-2026-23947 allows attackers to bypa...

CVE-2026-24132

CRITICAL CVSS 9.8 Jan 23, 2026

Orval versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 contain a code injection vulnerability where untrusted OpenAPI specifications can inject arbitrary TypeScript/JavaScript into generated moc...

CVE-2026-23947

CRITICAL CVSS 9.8 Jan 20, 2026

Orval versions 7.19.0 through 8.0.2 contain a code injection vulnerability in the x-enumDescriptions field processing. Untrusted OpenAPI specifications can inject arbitrary TypeScript/JavaScript code ...