PatchSiren

Svelte CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Svelte CVE published 2026-01-15

CVE-2026-22775

CVE-2026-22775 is a denial of service vulnerability in Svelte Devalue, a JavaScript library for serializing values into strings. The vulnerability affects Devalue versions from 5.1.0 to 5.6.1 and can cause excessive CPU time and/or memory consumption when parsing input from untrusted sources. This can lead to denial of service in systems that use Devalue to parse externally-supplied data. The root cause o [truncated]