DevGuard Logo

🛡️ DevGuard
Group
/📚 DevGuard Documentation
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-32014

estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named __proto__, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3.

Open
LOW (1.4)

Add a comment

Mark as False Positive
Last calculated at:

Affected component

estree-util-value-to-estree

Installed version:
3.2.1
Fixed in:
3.3.3
Show in dependency graph

Quick Fix

Update all Dependencies
Update only estree-util-value-to-estree

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5