85 matches found

Github Security Blog
added 2026/03/27 6:18 p.m., 17 views

Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Impact: What kind of vulnerability is it? It is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that...

CVSS 7.5, AI score 5.8, EPSS 0.00018
Exploits 0, References 6, Affected Software 1
Snyk
added 2026/03/27 6:18 p.m., 1 views

Allocation of Resources Without Limits or Throttling

Overview: serialize-javascript is a package to serialize JavaScript to a superset of JSON that includes regular expressions and functions. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the serialize function when handling specially...

CVSS 8.2, AI score 5.9, EPSS 0.00018
Exploits 0, References 2
OSV
added 2026/03/27 6:18 p.m., 1 views

GHSA-QJ8W-GFJ5-8C6V Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

Impact: What kind of vulnerability is it? It is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that...

CVSS 5.9, AI score 5.8, EPSS 0.00018
Exploits 0, References 6
Snyk
added 2026/03/27 6:18 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:serialize-javascript is a package to serialize JavaScript to a superset of JSON that includes regular expressions and functions. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the serialize function when...

CVSS 8.2, AI score 5.9, EPSS 0.00018
Exploits 0, References 2
Positive Technologies
added 2026/03/27 12:0 a.m., 2 views

PT-2026-28596

Name of the Vulnerable Software and Affected Versions: serialize-javascript versions prior to 7.0.5. Description: This issue involves a Denial of Service (DoS) caused by CPU exhaustion. When serializing a specially crafted "array-like" object – an object inheriting from Array.prototype with a very lar...

CVSS 7.5, AI score 5.9, EPSS 0.00018
Exploits 0, References 194
IBM Security Bulletins
added 2026/03/18 4:9 p.m., 3 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution (GHSA-5c6j-r48x-rmvq)

Summary: Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module...

CVSS 8.1, AI score 7.6, EPSS 0.02901
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/03/04 3:38 p.m., 4 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in serialize-javascript Due to Improper Input Sanitization affects watsonx.data

Summary: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when...

CVSS 5.4, AI score 5.9, EPSS 0.01129
Exploits 0, Affected Software 1
OSV
added 2026/02/28 2:50 a.m., 2 views

GHSA-5C6J-R48X-RMVQ Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

Impact: The serialize-javascript npm package versions tags, the injected code executes. javascript const serialize = require('serialize-javascript'); // Create an object that passes instanceof RegExp with a spoofed .flags const fakeRegex = Object.create(RegExp.prototype); Object.defineProperty(fakeRege...

CVSS 8.1, AI score 7.2, EPSS 0.02901
Exploits 0, References 6
Github Security Blog
added 2026/02/28 2:50 a.m., 27 views

Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

Impact: The serialize-javascript npm package versions tags, the injected code executes. javascript const serialize = require('serialize-javascript'); // Create an object that passes instanceof RegExp with a spoofed .flags const fakeRegex = Object.create(RegExp.prototype); Object.defineProperty(fakeRege...

CVSS 8.1, AI score 7.3, EPSS 0.02901
Exploits 0, References 6, Affected Software 1
RedHat Linux
added 2026/01/29 7:2 a.m., 4 views

npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4, AI score 5.8, EPSS 0.01129
Exploits 0, References 6
IBM Security Bulletins
added 2025/12/30 5:56 p.m., 6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in npm-serialize-javascript (CVE-2024-11831)

Summary: npm-serialize-javascript is used by IBM Storage Ceph in assorted components. CVE-2024-11831 Vulnerability Details: CVEID: CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize...

CVSS 5.4, AI score 5.9, EPSS 0.01129
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/12/17 10:44 a.m., 2 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-site Scripting due to serialize-javascript

Summary: serialize-javascript is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image. Vulnerability Details: CVEID: CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly...

CVSS 5.4, AI score 5.9, EPSS 0.01129
Exploits 0, Affected Software 1
RedHat Linux
added 2025/11/12 2:43 a.m., 0 views

npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4, AI score 5.8, EPSS 0.01129
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-0792

Malware in sbrugna...

CVSS 5.4, AI score 6.2, EPSS 0.00406
Exploits 0, References 8
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0628

Malware in sbrugna...

CVSS 8.1, AI score 8.7, EPSS 0.02901
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-4485

Malicious code in bioql PyPI...

CVSS 5.4, AI score 7.6, EPSS 0.01129
Exploits 0, References 15
Microsoft CVE
added 2025/09/03 11:4 p.m., 2 views

Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

...

CVSS 5.4, AI score 7, EPSS 0.01129
Exploits 0
IBM Security Bulletins
added 2025/07/01 10:22 a.m., 4 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack (CVE-2024-11831).

Summary: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack due to a flaw in npm-serialize-javascript. It is used to safely serialize complex JavaScript objects for storage or transmission. Vulnerability Details: CVEID: CVE-2024-11831 DESCRIPTION: A flaw was found in...

CVSS 5.4, AI score 6.1, EPSS 0.01129
Exploits 0, Affected Software 1
OSV
added 2025/02/10 6:30 p.m., 1 views

GHSA-76P7-773F-R4Q5 Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4, AI score 7, EPSS 0.01129
Exploits 0, References 27
vulnersOsv
added 2025/02/10 6:30 p.m., 4 views

@aadarshjr/reweb-js (>=1.0.7 <=1.0.17), @acentswap/ace-core-trial (>=10.4.0 <=10.7.0) +1736 more potentially affected by CVE-2024-11831 via serialize-javascript (>=6.0.0 <=6.0.1)

serialize-javascript NPM version =6.0.0, =1.0.7, =10.4.0, =9.0.0, =10.0.0, =10.0.0, =10.5.0, =10.4.0, =1.1.8, =0.4.10, =5.0.0, =6.0.0 and more Source cves: CVE-2024-11831 Source advisory: OSV:GHSA-76P7-773F-R4Q5...

CVSS 5.4, AI score 7.1, EPSS 0.01129
Exploits 0