CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

Gen_Prime (>=0.1.0 <=1.1.9), anchor-token (>=0.0.1 <=0.3.0-alpha.1) +93 more potentially affected by CVE-2020-35880 via bigint (>=1.0.5 <=4.4.3)

bigint CARGO version =1.0.5, =0.1.0, =0.0.1, =3.6.1, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1 - csepicwalletapi =1.0.0 and more Source cves: CVE-2020-35880 Source advisory: OSV:GHSA-WGX2-6432-J3FW...

Prototype Pollution

json-bigint is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto to cause a denial of service condition...

Gen_Prime (>=0.1.0 <=1.1.9), anchor-token (>=0.0.1 <=0.3.0-alpha.1) +93 more potentially affected by CVE-2020-35880 via bigint (>=1.0.5 <=4.4.3)

bigint CARGO version =1.0.5, =0.1.0, =0.0.1, =3.6.1, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1 - csepicwalletapi =1.0.0 and more Source cves: CVE-2020-35880 Source advisory: OSV:RUSTSEC-2020-0025...