5 matches found
Prototype Pollution
happy-dom is vulnerable to Prototype Pollution. The vulnerability is due to untrusted JavaScript running in the same isolate as the main application despite the --disallow-code-generation-from-strings flag, which allows an attacker to deploy prototype-pollution payloads to hijack critical...
CVE-2025-62410
CVE-2025-62410 affects happy-dom prior to version 20.0.2, where the --disallow-code-generation-from-strings mitigation does not fully isolate untrusted JavaScript. The untrusted script and the rest of the application run in the same Isolate/process, allowing prototype-pollution payloads to hijack...
@adaptive-web/adaptive-ui (>=0.4.1 <=0.13.1), @adaptive-web/adaptive-ui-designer-core (>=0.1.0 <=0.6.0) +373 more potentially affected by CVE-2025-61927 via happy-dom (>=0.0.1 <=1.18.2)
happy-dom NPM version =0.0.1, =0.4.1, =0.1.0, =0.1.0, =0.6.1, =0.0.0, =0.1.1, =0.1.0, =0.11.0, =16.0.0, =0.0.1-beta.9, =0.0.1-beta.3, =0.0.1-alpha.0, =0.0.1-alpha.2, =0.0.1-alpha.5 and more Source cves: CVE-2025-61927 Source advisory: OSV:GHSA-37J7-FG3J-429F...
EUVD-2024-3226
Malicious code in bioql PyPI...
@adaptive-web/adaptive-ui (>=0.4.1 <=0.13.1), @adaptive-web/adaptive-ui-designer-core (>=0.1.0 <=0.6.0) +185 more potentially affected by CVE-2024-51757 via happy-dom (>=0.0.1 <=15.0.0)
happy-dom NPM version =0.0.1, =0.4.1, =0.1.0, =0.1.0, =0.6.1, =0.11.0, =16.0.0, =0.0.1-beta.9, =0.0.1-beta.3, =0.0.1-alpha.0, =0.0.1-alpha.2, =0.1.2, =0.0.2, =1.0.4, =1.0.306 - @devsisters/gatsby-preset =3.0.0-rc - @devsisters/gatsby-stack =2.0.0-rc and more Source cves: CVE-2024-51757 Source...