Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

jsonpath

Ecosystem:
npm
Package URL:
pkg:npm/jsonpath
Total PRs:
777 Dependabot PRs
Latest PR:
13 days ago
Unique Repositories:
695 repositories
Unique Repos (30 days):
7 repositories
Security Advisories
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions
GHSA-87r5-mp6g-5w5j CVE-2026-1615 HIGH published 4 months ago • updated 4 days ago
### Impact **Arbitrary Code Injection (Remote Code Execution & XSS):** A critical security vulnerability affects **all versions** of the `jsonpat...
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js
GHSA-6c59-mwgh-r2x6 CVE-2025-61140 MODERATE published 5 months ago • updated 4 days ago
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
Recent PRs (filtered by: Closed , Patch PRs )
RSS Feed Clear filter
chore: bump jsonpath from 1.2.0 to 1.2.1

contentful/field-editors #2075

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 2 comments
contentful
chore(deps-dev): bump jsonpath from 1.2.0 to 1.2.1 in /client

MCA-NITW/leetcode_among_us #146

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 2 comments
MCA-NITW
Bump jsonpath from 1.2.0 to 1.2.1 in /Client

ZacharyTStone/My-Anime-Collection #111

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 1 comment
ZacharyTStone
Bump jsonpath from 1.2.0 to 1.2.1

sokratisvs/demo-5 #16

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 1 comment
sokratisvs
Bump jsonpath from 1.2.0 to 1.2.1

ministryofjustice/hmpps-approved-premises-ui #2811

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 1 comment
ministryofjustice
Bump jsonpath from 1.2.0 to 1.2.1 in /context-app

rodmartinezmedina/Context-API-Hooks-Practice #25

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 1 comment
rodmartinezmedina
chore(deps): bump jsonpath from 1.2.0 to 1.2.1 in /test/performance/react-app

ofajs/Xhear #190

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 1 comment
ofajs
Bump jsonpath from 1.2.0 to 1.2.1

ministryofjustice/hmpps-community-accommodation-tier-2-ui #1037

1.2.0 → 1.2.1 Patch PR
Closed 4 months ago 1 comment
ministryofjustice
Package Details
Name: jsonpath
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/jsonpath
JSON API: View JSON
Security Advisories

2

Active advisories
HIGH 1
MODERATE 1
View All npm Advisories
Package Information
Description:

Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js.

Repository: https://github.com/dchester/jsonpath
Homepage: https://github.com/dchester/jsonpath#readme
Latest Release: 1.1.1
about 5 years ago
Dependent Repos: 18,744
Dependent Packages: 1,059
Downloads: 13,549,500
Ranking: Top 0.2086% by dependent repos Top 0.1583% by downloads Top 0.07% by dependent pkgs
PR Status
Open 299 (38.5%)
Merged 0 (0.0%)
Closed 478 (61.5%)
PR Types
Minor 754 (97.0%)
Patch 20 (2.6%)
Removal 1 (0.1%)