CVE-2025-34146

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions = 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service DoS condition or, under certain conditions, escape the sandboxed environme...

CVE-2025-49131

FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container fastgpt-sandbox is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated...

PT-2025-24438

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.9.11 Description The issue concerns the Sandbox container in FastGPT, which has insufficient isolation and inadequate restrictions on code execution. This allows attackers to escape the intended sandbox boundaries b...

CVE-2023-46300

iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to tmux integration...