333 matches found
CVE-2025-62490
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become ou...
CVE-2025-62490 Use-after-free in js_print_object in QuickJS
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become ou...
PT-2025-42489
Name of the Vulnerable Software and Affected Versions: QuickJS (affected versions not specified). Description: An issue exists in the QuickJS engine related to floating-point arithmetic precision errors within the TypedArray.prototype.indexOf function when a negative fromIndex argument is provided...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS, which stems from a floating-point precision error in the TypedArray.prototype.indexOf function when handling a negative fromIndex parameter, which could lead to out-of-bounds...
PT-2025-42490
Name of the Vulnerable Software and Affected Versions: QuickJS (affected versions not specified). Description: An issue exists in the QuickJS engine’s BigInt string conversion logic within the js_bigint_to_string1 function. This is due to an incorrect calculation of the required number of digits,...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS, which stems from the js_print_object function not properly handling array size changes during callbacks when printing arrays and collection objects, potentially leading to reuse...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS due to a type confusion when handling string addition operations, which could lead to out-of-bounds memory accesses and memory corruption to execute arbitrary code...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS that stems from a use-after-free issue when handling unprocessed rejected promise lists, which could lead to memory corruption...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS that stems from an integer overflow in the BigInt string parsing logic, which could result in a heap out-of-bounds write...
PT-2025-42491
Name of the Vulnerable Software and Affected Versions: QuickJS (affected versions not specified). Description: A type confusion issue exists in the QuickJS engine related to how the string addition (+) operation is handled. The issue arises because an attacker can manipulate the type of the left-hand...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS, which stems from an error in the computation of the median in the BigInt string conversion logic, which could lead to out-of-bounds reads and information disclosure...
QuickJS Security Vulnerability
QuickJS is a small and embeddable JavaScript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS that stems from an inconsistent representation of buffer sizes due to an integer overflow in the regular expression engine, which could lead to out-of-bounds writes...
EUVD-2020-15632
Malware in sbrugna...
EUVD-2025-7259
Malicious code in bioql PyPI...
EUVD-2025-12432
Malicious code in bioql PyPI...
EUVD-2023-36211
Malicious code in bioql PyPI...
EUVD-2025-12428
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-46688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is...
Linux Distros Unpatched Vulnerability : CVE-2025-46687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also...
Linux Distros Unpatched Vulnerability : CVE-2024-33263
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. CVE-2024-33263 Note that Nessus relies on the...