Linux Distros Unpatched Vulnerability : CVE-2025-69653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6...

QuickJS resource management error vulnerability

QuickJS is a small and embeddable JavaScript engine developed by the QuickJS open-source project. Versions of QuickJS prior to 0.11.0 contained a resource management vulnerability, which stemmed from incorrect handling of the file quickjs.c. This vulnerability could lead to reusing resources afte...

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function jstypedarraysort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The...

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function jstypedarraysort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The...

UBUNTU-CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

QuickJS 安全漏洞

QuickJS is QuickJS open source a small and embeddable Javascript engine . A security vulnerability exists in QuickJS 0.11.0 and earlier versions, which is caused by a heap buffer overflow in the function jstypedarrayconstructor in the file quickjs.c, which could lead to the execution of arbitrary...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the jsarraybufferslice function. An attacker can access sensitive information or cause application instability by triggering a buffer over-read through crafted input. Remediation A fix was pushed into the...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the jsbiginttostring1 function. An attacker can access sensitive information from adjacent heap memory by triggering a crafted BigInt conversion that causes the engine to read beyond the allocated buffer...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS, which stems from an error in the computation of the median in the BigInt string conversion logic, which could lead to out-of-bounds reads and information disclosure...

EUVD-2025-7259

Malicious code in bioql PyPI...

EUVD-2025-12428

Malicious code in bioql PyPI...

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...

CVE-2025-46688

CVE-2025-46688 affects quickjs-ng up to 0.9.0, with an incorrect size calculation in JS_ReadBigInt for a BigInt that leads to a heap-based buffer overflow. The vulnerability also affects QuickJS prior to 2025-04-26. Connected sources consistently describe the faulty size computation as the root c...

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

CVE-2024-13903

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...

CVE-2024-13903

CVE-2024-13903 affects quickjs-ng QuickJS up to 0.8.0. The vulnerability targets the JS_GetRuntime function in quickjs.c (component qjs), enabling a stack-based buffer overflow. The issue can be exploited remotely. Upgrade to version 0.9.0 to address the vulnerability; the patch is identified by ...

CVE-2024-13903

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JSGetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely...

CVE-2023-48183

QuickJS before c4cdd61 has a buildforiniterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval...