orpc — Vulnerabilities & Security Advisories 2

All 2 CVE vulnerabilities found in orpc, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-33331	oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify CWE-79	8.2	High	2026-03-24
CVE-2026-28794	oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization CWE-1321	9.8	-	2026-03-06

All 2 known CVE vulnerabilities affecting orpc with full Chinese analysis, references, and POCs where available.