@evomap/evolver
A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol (GEP) for auditable, reusable evolution assets.
Security Advisories for @evomap/evolver in npm
| Severity | Published | Advisory | Ecosystem | Package |
| --- | --- | --- | --- | --- |
| High | 27 days ago | @evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts | npm | @evomap/evolver |
| Moderate | 27 days ago | @evomap/evolver has an unbounded request body in proxy /asset/submit that causes persistent disk-exhaustion DoS | npm | @evomap/evolver |
| High | 27 days ago | @evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allows Hub-controlled overwrite of project files (RCE) | npm | @evomap/evolver |
| High | about 1 month ago | Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write | npm | @evomap/evolver |
| Critical | about 1 month ago | Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution | npm | @evomap/evolver |
| Moderate | about 1 month ago | Evolver has Prototype Pollution via `Object.assign()` in its mailbox store operations | npm | @evomap/evolver |