CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVE-2026-32723

SandboxJS (affected: SandboxJS) prior to 0.8.35 suffers an execution-quota bypass due to a race condition on the global currentTicks.current shared state across concurrent sandboxes. Timer handlers are compiled at execution time using the global tick state rather than the scheduling sandbox’s tic...

CVE-2026-25586 SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties,...

CVE-2026-25641 SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

GHSA-JJPW-65FV-8G48 @nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution

Summary A sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties, enabling host Object.prototype pollution and persistent...

EUVD-2019-5152

Malware in sbrugna...