9 matches found

Patchstack
added 2026/05/08 4:22 p.m., 6 views

NPM: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

NPM: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` vulnerability discovered by ? in WordPress Npm vm2 versions 3.11.2...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2026/05/07 4:10 a.m., 3 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44001 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

8.6 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 1
OSV
added 2025/12/24 8:29 a.m., 4 views

ROOT-APP-NPM-CVE-2023-32314 CVE-2023-32314 in @rootio/vm2 - Patched by Root

Root has patched CVE-2023-32314 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

10 CVSS, 5.4 AI score, 0.64898 EPSS
Exploits: 1
GitHub Security Blog
added 2022/12/21 6:30 a.m., 53 views

vm2 vulnerable to Arbitrary Code Execution

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8 CVSS, 2.9 AI score, 0.00495 EPSS
Exploits: 1, References: 6, Affected Software: 1
Prion
added 2022/07/13 9:15 a.m., 14 views

Code injection

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

7.5 CVSS, 8.4 AI score, 0.00818 EPSS
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2022/02/11 8:15 p.m., 15 views

CVE-2021-23555

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine...

10 CVSS, 0.01127 EPSS
Exploits: 1, References: 2
Prion
added 2022/02/11 8:15 p.m., 22 views

Improper access control

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine...

10 CVSS, 9.6 AI score, 0.01127 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2022/02/11 8:0 p.m., 19 views

CVE-2021-23555 Sandbox Bypass

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine...

9.8 CVSS, 9.9 AI score, 0.01127 EPSS
Exploits: 1, References: 2
NVD
added 2021/10/18 5:15 p.m., 12 views

CVE-2021-23449

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine...

10 CVSS, 0.02202 EPSS
Exploits: 1, References: 5