@evomap/evolver

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting @evomap/evolverpage 1 of 1

CVE-2026-42075HIGHCVSS 8.1EG 8.1✓ Fixed in 1.69.3
2026-05-04
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out=…
CVE-2026-42076CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.69.3
2026-05-04
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function construc…
CVE-2026-42077MEDIUMCVSS 5.2EG 5.2✓ Fixed in 1.69.3
2026-05-04
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious …

Check whether @evomap/evolver is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @evomap/evolver CVEs against the assets you own.

Start Free Scan →