`jsonpath`

Ecosystem:
npm

Package URL:
pkg:npm/jsonpath

Total PRs:
777 Dependabot PRs

Latest PR:
11 days ago

Unique Repositories:
695 repositories

Unique Repos (30 days):
7 repositories

Security Advisories

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

GHSA-87r5-mp6g-5w5j CVE-2026-1615 HIGH published 4 months ago • updated 1 day ago

### Impact **Arbitrary Code Injection (Remote Code Execution & XSS):** A critical security vulnerability affects **all versions** of the `jsonpat...

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

GHSA-6c59-mwgh-r2x6 CVE-2025-61140 MODERATE published 5 months ago • updated 2 days ago

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

Recent PRs (filtered by: Removal PRs )

RSS Feed Clear filter

Bump jsonpath and @cdklabs/cdk-ssm-documents in /source

aws-solutions/automated-security-response-on-aws #284

removed Removal PR

Closed 3 months ago 1 comment

Package Details

Name:	`jsonpath`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/jsonpath`
JSON API:	View JSON

Security Advisories

2

Active advisories

HIGH 1

MODERATE 1

View All npm Advisories

Package Information

Description:

Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js.

Repository:	https://github.com/dchester/jsonpath
Homepage:	https://github.com/dchester/jsonpath#readme
Latest Release:	`1.1.1` about 5 years ago
Dependent Repos:	18,744
Dependent Packages:	1,059
Downloads:	13,549,500
Ranking:	Top 0.2086% by dependent repos Top 0.1583% by downloads Top 0.07% by dependent pkgs

PR Status

Open 299 (38.5%)

Merged 0 (0.0%)

Closed 478 (61.5%)

PR Types

Minor 754 (97.0%)

Patch 20 (2.6%)

Removal 1 (0.1%)