📦 Seroval

Seroval versions 1.4.0 and below have a stack overflow vulnerability when serializing deeply nested objects, causing denial of service. This affects applications using Seroval for JavaScript value ser...

seroval library versions 1.4.0 and below contain vulnerabilities in RegExp serialization that can cause memory exhaustion or ReDoS (Regular Expression Denial of Service) during deserialization. Attack...

CVE-2026-23957 is a denial-of-service vulnerability in seroval library versions 1.4.0 and below. Attackers can craft malicious serialized data with manipulated array lengths to cause excessive CPU con...

CVE-2026-23736 is a prototype pollution vulnerability in seroval's JSON deserialization functionality that allows attackers to modify JavaScript object prototypes by crafting malicious object keys. Th...

CVE-2026-23737 is a deserialization vulnerability in seroval library versions 1.4.0 and below that allows arbitrary JavaScript code execution. Attackers can exploit this by sending specially crafted J...