7 matches found
Protection Mechanism Failure
Overview: vm2 is a sandbox that can run untrusted code with whitelisted Node built-in modules. Affected versions of this package are vulnerable to Protection Mechanism Failure through the NodeVM builtin wildcard expansion in lib/builtin.js. An attacker can load Node’s private underscored network...
Improper Isolation or Compartmentalization
Overview: org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the setupSandboxScript bootstrap in lib/vm.js and lib/setup-sandbox.js. An attacke...
@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +21 more potentially affected by CVE-2026-27729 via astro (>=5.10.1 <=5.17.2)
astro NPM version =5.10.1, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.0.0, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.5.1, =1.13.2, =0.0.1, =0.0.2 and more Source cves: CVE-2026-27729 Source advisory: SNYK:JS-ASTRO-15338138...
@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +18 more potentially affected by CVE-2025-64764 via astro (>=5.0.0-beta.5 <=5.15.6)
astro NPM version =5.0.0-beta.5, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.13.2, =0.1.8, =1.0.21, =1.0.22 and more Source cves: CVE-2025-64764 Source advisory: SNYK:JS-ASTRO-14059122...
@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @awesome-myst/myst-awesome (>=0.0.1 <=0.0.7) +10 more potentially affected by CVE-2025-61925 via astro (>=5.0.0-beta.5 <=5.14.1)
astro NPM version =5.0.0-beta.5, =1.0.0, =0.0.1, =0.0.1, =2.18.7, =0.1.2-alpha.1, =1.13.2, =0.1.8, =1.0.21, =0.0.1, =0.0.1, =1.249.8, =1.271.1 Source cves: CVE-2025-61925 Source advisory: SNYK:JS-ASTRO-13535085...
@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @awesome-myst/myst-awesome (>=0.0.1 <=0.0.7) +7 more potentially affected by CVE-2025-55303 via astro (>=5.0.0-beta.5 <=5.13.10)
astro NPM version =5.0.0-beta.5, =1.0.0, =0.0.1, =0.0.1, =0.1.8, =0.0.1, =0.0.1, =1.249.8, =1.267.0 Source cves: CVE-2025-55303 Source advisory: SNYK:JS-ASTRO-12027668...
vm2 Injection Vulnerability
vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic, used to run untrusted code using whitelisted Node built-in modules. An injection vulnerability exists in vm2 3.9.17 and earlier versions, which stems from the fact that an attacker can ru...