5 matches found
@activfinancial/activ-workstation (>=0.3.0 <=0.4.35), @activfinancial/time-series-chart (>=0.3.40 <=0.3.51) +36 more potentially affected by CVE-2026-1513 via billboard.js (>=1.0.1 <=3.14.0)
billboard.js NPM version =1.0.1, =0.3.0, =0.3.40, =3.0.0, =0.0.55, =1.0.0, =1.0.0, =4.0.0, =1.0.0, =1.0.0, =0.0.1-alpha.1, =5.4.0, =1.5.0, =2.0.0 and more Source cves: CVE-2026-1513 Source advisory: OSV:GHSA-RPC5-PM7Q-HJMP...
@mwater/visualization (>=5.4.0 <=5.7.0) potentially affected by CVE-2026-1513 via billboard.js (>=3.12.2 <=3.14.0)
billboard.js NPM version =3.12.2, =5.4.0, =5.7.0 Source cves: CVE-2026-1513 Source advisory: SNYK:JS-BILLBOARDJS-15135694...
PT-2026-5054
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
CVE-2025-49223
CVE-2025-49223 affects billboard.js v before 3.15.1, where the function generate enables prototype pollution that could lead to arbitrary code execution or a Denial of Service. The vulnerability is a result of object prototype pollution in the affected code path; derivatives of the issue are disc...
PT-2025-23732 · Unknown · Billboard.Js
Name of the Vulnerable Software and Affected Versions: billboard.js versions prior to 3.15.1 Description: The issue is related to a prototype pollution via the generate function, which could allow attackers to execute arbitrary code or cause a Denial of Service DoS by injecting arbitrary...