CVE-2026-24888

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

EUVD-2026-4851

Maker.js has Unsafe Property Copying in makerjs.extendObject...

@applica-software-guru/cnc-bit-configurator (>=1.0.2 <=1.1.29), @damsenviet/keybits (>=0.0.0 <=0.0.2) +10 more potentially affected by CVE-2026-24888 via makerjs (>=0.11.2 <=0.18.2)

makerjs NPM version =0.11.2, =1.0.2, =0.0.0, =1.0.0, =1.1.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.2, =1.0.9 Source cves: CVE-2026-24888 Source advisory: SNYK:JS-MAKERJS-15155931...

CVE-2026-24888

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

CVE-2026-24888

Maker.js (makerjs.extendObject) is vulnerable to unsafe property copying. The function iterates with for...in without hasOwnProperty() checks and fails to filter dangerous keys, enabling inherited or crafted properties (e.g., proto ) to be copied to targets. This prototype-pollution risk is docum...

CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

PT-2026-5230

Name of the Vulnerable Software and Affected Versions Maker.js versions up to and including 0.19.1 Description Maker.js is a 2D vector line drawing and shape modeling library for CNC and laser cutters. The makerjs.extendObject function copies properties from source objects without proper...

Malicious code in makerjs-dev (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-6939 Malicious code in makerjs-dev (npm)

The package communicates with a domain associated with malicious activity...

Malicious code in makerjs-wrap-text (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be2128bc765928893850f3d6426a53fe36709f7733af266b64e522fc872e6234 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4466 Malicious code in makerjs-wrap-text (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be2128bc765928893850f3d6426a53fe36709f7733af266b64e522fc872e6234 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...