Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

jsonpath

Ecosystem:
npm
Package URL:
pkg:npm/jsonpath
Total PRs:
777 Dependabot PRs
Latest PR:
10 days ago
Unique Repositories:
695 repositories
Unique Repos (30 days):
7 repositories
Security Advisories
jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions
GHSA-87r5-mp6g-5w5j CVE-2026-1615 HIGH published 4 months ago • updated 1 day ago
### Impact **Arbitrary Code Injection (Remote Code Execution & XSS):** A critical security vulnerability affects **all versions** of the `jsonpat...
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js
GHSA-6c59-mwgh-r2x6 CVE-2025-61140 MODERATE published 5 months ago • updated 1 day ago
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
Recent PRs (filtered by: Open , Patch PRs )
RSS Feed Clear filter
Bump jsonpath from 1.2.0 to 1.2.1

ap-communications/platt-backstage-plugin #342

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
ap-communications
build(deps): Bump jsonpath from 1.2.0 to 1.2.1 in the npm_and_yarn group across 1 directory

romantech/search-times #55

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
romantech
Bump jsonpath from 1.2.0 to 1.2.1 in /frontend

RunaVault/RunaVault #28

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
RunaVault
Bump jsonpath from 1.2.0 to 1.2.1

IsaacHatton/solutionbank #17

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 2 comments
IsaacHatton
Bump the npm_and_yarn group across 2 directories with 2 updates

vinnieboy707/Hydra-termux #42

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 2 comments
vinnieboy707
Bump jsonpath from 1.2.0 to 1.2.1 in /ui

ONSdigital/ssdc-rm-support-tool #393

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 2 comments
ONSdigital
Bump jsonpath from 1.2.0 to 1.2.1 in /frontend

WFP-VAM/prism-app #1732

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
WFP-VAM
chore(deps-dev): bump jsonpath from 1.2.0 to 1.2.1 in /tests/performance/load

stackrox/stackrox #19000

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 3 comments
stackrox
build(deps): bump jsonpath from 1.2.0 to 1.2.1 in /shop-frontend

bansikah22/shop-app #43

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
bansikah22
Bump jsonpath from 1.2.0 to 1.2.1 in /trick_source/web/dashboard

nasa/trick #2045

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
nasa
Bump jsonpath from 1.2.0 to 1.2.1 in the npm_and_yarn group across 1 directory

minnukota381/Social-Media-Dashboard-UI-React #239

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
minnukota381
Bump jsonpath from 1.2.0 to 1.2.1

COVISART/covisart.github.io #32

1.2.0 → 1.2.1 Patch PR
Open 4 months ago 1 comment
COVISART
Package Details
Name: jsonpath
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/jsonpath
JSON API: View JSON
Security Advisories

2

Active advisories
HIGH 1
MODERATE 1
View All npm Advisories
Package Information
Description:

Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js.

Repository: https://github.com/dchester/jsonpath
Homepage: https://github.com/dchester/jsonpath#readme
Latest Release: 1.1.1
about 5 years ago
Dependent Repos: 18,744
Dependent Packages: 1,059
Downloads: 13,549,500
Ranking: Top 0.2086% by dependent repos Top 0.1583% by downloads Top 0.07% by dependent pkgs
PR Status
Open 299 (38.5%)
Merged 0 (0.0%)
Closed 478 (61.5%)
PR Types
Minor 754 (97.0%)
Patch 20 (2.6%)
Removal 1 (0.1%)