CVE-2025-57353

The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing...

GHSA-FWFX-RRV8-CRPF op_panic in the base runtime can force a panic in the runtime's containing thread

Affected versions use denocore releases that expose Deno.core.ops.oppanic to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime. It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.oppanic = msg = throw new...

op_panic in the base runtime can force a panic in the runtime's containing thread

Affected versions use denocore releases that expose Deno.core.ops.oppanic to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing It can be fixed by stubbing out the exposed op: javascript Deno.core.ops.oppanic...

GHSA-CMR8-5W4C-44V8 Fastly Compute@Edge JS Runtime has fixed random number seed during compilation

Impact Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG cryptographically secure pseudorandom number generator was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for th...

Fastly Compute@Edge JS Runtime has fixed random number seed during compilation

Impact Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG cryptographically secure pseudorandom number generator was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for th...