139 matches found

CVE
added 2026/02/06 7:53 p.m. | 12 views

CVE-2026-25520

CVE-2026-25520 affects SandboxJS (JavaScript sandboxing library) prior to version 0.8.29. The underlying issue is that function return values aren’t wrapped, allowing attackers to use Object.values/Object.entries and Array.prototype.at to retrieve the host’s Function constructor. With access to t...

10 CVSS | 6 AI score | 0.00782 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/02/06 7:51 p.m. | 3 views

CVE-2026-25587 SandboxJS has a Sandbox Escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFEPROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29...

10 CVSS | 5.4 AI score | 0.00645 EPSS
Exploits 1 | References 2

CVE
added 2026/02/06 7:51 p.m. | 8 views

CVE-2026-25587

CVE-2026-25587 affects SandboxJS. Prior to 0.8.29, the Map object’s prototype could be leaked via Map.prototype, allowing an attacker to overwrite Map.prototype.has and escape the sandbox. The Red Hat/NVD entries describe this as a sandbox-escape vulnerability with potential for remote code execu...

10 CVSS | 5.4 AI score | 0.00645 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2026/02/06 7:51 p.m. | 29 views

CVE-2026-25587 SandboxJS has a Sandbox Escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFEPROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29...

10 CVSS | 0.00645 EPSS
Exploits 1 | References 2

OSV
added 2026/02/06 7:51 p.m. | 4 views

CVE-2026-25587 SandboxJS has a Sandbox Escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFEPROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29...

10 CVSS | 5.5 AI score | 0.00645 EPSS
Exploits 1 | References 4

Vulnrichment
added 2026/02/06 7:50 p.m. | 4 views

CVE-2026-25641 SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10 CVSS | 5.4 AI score | 0.00489 EPSS
Exploits 1 | References 3

EUVD
added 2026/02/06 7:50 p.m. | 4 views

EUVD-2026-5589

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10 CVSS | 5.4 AI score | 0.00489 EPSS
Exploits 1 | References 3

OSV
added 2026/02/06 7:50 p.m. | 5 views

CVE-2026-25641 SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...

10 CVSS | 5.4 AI score | 0.00489 EPSS
Exploits 1 | References 5

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

SandboxJS Security Vulnerability

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.29 contained a security vulnerability. This vulnerability stemmed from a mismatch between the key that is validated and the key used to access properties, which could lead to sandbox escape...

10 CVSS | 5.9 AI score | 0.00489 EPSS
Exploits 1 | References 4

CNNVD
added 2026/02/06 12:0 a.m. | 5 views

SandboxJS Security Vulnerability

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.29 contained a security vulnerability that could lead to sandbox escape by overriding Map.prototype.has...

10 CVSS | 6.6 AI score | 0.00645 EPSS
Exploits 1 | References 3

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

SandboxJS Security Vulnerability

SandboxJS is a security assessment tool developed by individual developer nyariv. Versions of SandboxJS prior to 0.8.29 contained security vulnerabilities; these vulnerabilities stemmed from unboxed function return values, which could allow arbitrary code to be executed outside of the sandbox...

10 CVSS | 6.3 AI score | 0.00782 EPSS
Exploits 1 | References 3

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

SandboxJS Security Vulnerability

SandboxJS is a security assessment tool developed by individual developer nyariv. Versions of SandboxJS prior to 0.8.29 contained a security vulnerability. This vulnerability stemmed from the use of hasOwnProperty to mask objects in the sandbox, allowing sandbox escape and disabling the prototy...

10 CVSS | 6.6 AI score | 0.00636 EPSS
Exploits 1 | References 3

Snyk
added 2026/02/05 9:33 p.m. | 3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition in addOps and other methods in executor.ts, which do not enforce the type of property keys. An attacker can execute arbitrary code on...

10 CVSS | 6.2 AI score | 0.00489 EPSS
Exploits 1 | References 2

vulnersOsv
added 2026/02/05 9:33 p.m. | 5 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25641 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25641 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15248293...

10 CVSS | 5.8 AI score | 0.00489 EPSS
Exploits 1

OSV
added 2026/02/05 9:33 p.m. | 3 views

GHSA-7X3H-RM86-3342 @nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses

Summary: A sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Details: Even though the key used in property accesses b in the code below is annotated as string, this is never enforced:...

10 CVSS | 5.8 AI score | 0.00489 EPSS
Exploits 1 | References 5

Snyk
added 2026/02/05 9:5 p.m. | 2 views

Arbitrary Code Injection

Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection by overriding the Map.prototype.has method. An attacker can execute arbitrary code on the underlying operating system because Map is included in SAFEPROTOYPE...

10 CVSS | 6.4 AI score | 0.01091 EPSS
Exploits 2 | References 2

vulnersOsv
added 2026/02/05 9:5 p.m. | 6 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25142 +1 more via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25142, CVE-2026-25587 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15248292...

10 CVSS | 6.5 AI score | 0.01091 EPSS
Exploits 2

OSV
added 2026/02/05 9:5 p.m. | 3 views

GHSA-66H4-QJ4X-38XP @nyariv/sandboxjs has a Sandbox Escape vulnerability

Summary: As Map is in SAFEPROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. Details: This is effectively equivalent to CVE-2026-25142, but without lookupGetter let was used during testing, it turns out the let implementation is...

10 CVSS | 5.5 AI score | 0.00645 EPSS
Exploits 1 | References 4

GitHub Security Blog
added 2026/02/05 9:5 p.m. | 6 views

@nyariv/sandboxjs has a Sandbox Escape vulnerability

Summary: As Map is in SAFEPROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. Details: This is effectively equivalent to CVE-2026-25142, but without lookupGetter let was used during testing, it turns out the let implementation is...

10 CVSS | 5.4 AI score | 0.00645 EPSS
Exploits 1 | References 4 | Affected Software 1

vulnersOsv
added 2026/02/05 9:4 p.m. | 5 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25586 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25586 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15248294...

10 CVSS | 6.5 AI score | 0.00636 EPSS
Exploits 1