Browse all 4 CVE security advisories affecting orval-labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Orval-labs develops security tools and testing frameworks, primarily focused on identifying vulnerabilities in web applications and APIs. Historically, their products have been associated with common vulnerability classes including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. The organization has recorded four CVEs to date, with notable characteristics including improper input validation and insecure default configurations. While no major security incidents have been publicly documented, their tools have occasionally been found to contain vulnerabilities similar to those they aim to detect, raising questions about their own security practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25141 | Orval has a code injection via unsanitized x-enum-descriptions using JS comments — orval (CWE-94) | 8.6 (AI) | High (AI) | 2026-01-30 |
| CVE-2026-24132 | Orval Mock Generation Code Injection via const — orval (CWE-77) | 8.1 | - | 2026-01-22 |
| CVE-2026-23947 | Orval MCP client is vulnerable to code injection via unsanitized x-enum-descriptions in enum generation — orval (CWE-77) | 10.0 (AI) | Critical (AI) | 2026-01-20 |
| CVE-2026-22785 | orval MCP client is vulnerable to a code injection attack. — orval (CWE-77) | 8.2 (AI) | High (AI) | 2026-01-12 |
This page lists every published CVE security advisory associated with orval-labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.