Quickjs Security Vulnerabilities and Issues — Quickjs CVE List

Quickjs-ngQuickjs

7 matches found

CVE•added 2026/01/10 1:32 p.m.•162 views

CVE-2026-0822

CVE-2026-0822 affects quickjs-ng quickjs up to 0.11.0. The issue targets the js_typed_array_sort function in quickjs.c, causing a heap-based buffer overflow. It is remotely exploitable and exploits are publicly available. Patch reference: 53eefbcd695165a3bd8c584813b472cb4a69fbf5. Remediation: app...

8.8CVSS6.8AI score0.0041EPSS

CVE•added 2025/03/21 7:0 a.m.•84 views

CVE-2024-13903

CVE-2024-13903 affects quickjs-ng QuickJS up to 0.8.0. The vulnerability targets the JS_GetRuntime function in quickjs.c (component qjs), enabling a stack-based buffer overflow. The issue can be exploited remotely. Upgrade to version 0.9.0 to address the vulnerability; the patch is identified by ...

7.5CVSS4.9AI score0.00615EPSS

CVE•added 2025/04/27 12:0 a.m.•82 views

CVE-2025-46688

CVE-2025-46688 affects quickjs-ng up to 0.9.0, with an incorrect size calculation in JS_ReadBigInt for a BigInt that leads to a heap-based buffer overflow. The vulnerability also affects QuickJS prior to 2025-04-26. Connected sources consistently describe the faulty size computation as the root c...

8.4CVSS5.7AI score0.0026EPSS

CVE•added 2025/04/27 12:0 a.m.•59 views

CVE-2025-46687

CVE-2025-46687 affects quickjs-ng up to 0.9.0. A missing length check in JS_ReadString can cause a heap-based buffer overflow, impacting QuickJS builds before 2025-04-26. This vulnerability is echoed across multiple sources (NVD, OSV, Debian/Ubuntu advisories and Nessus context), confirming the i...

7.8CVSS7.1AI score0.00237EPSS

CVE•added 2026/01/10 1:2 p.m.•34 views

CVE-2026-0821

The CVE-2026-0821 issue affects quickjs-ng/quickjs up to 0.11.0, specifically the js_typed_array_constructor in quickjs.c. The vulnerability enables a heap-based buffer overflow and can be exploited remotely. A publicly disclosed exploit exists. A patch is available (hash: c5d80831e51e48a83eab16e...

9.8CVSS6.8AI score0.00443EPSS

CVE•added 2026/01/19 7:32 a.m.•21 views

CVE-2026-1144

CVE-2026-1144 affects quickjs-ng quickjs up to version 0.11.0. The vulnerability resides in an unknown function within quickjs.c of the Atomics Ops Handler component, leading to a use-after-free condition. The issue can be exploited remotely and is accompanied by public exploits; a patch is ident...

8.8CVSS5.2AI score0.00349EPSS

CVE•added 2026/01/19 8:2 a.m.•17 views

CVE-2026-1145

CVE-2026-1145 affects quickjs-ng/quickjs up to version 0.11.0. The vulnerability resides in js_typed_array_constructor_ta in quickjs.c, enabling a heap-based buffer overflow that can be triggered remotely. Exploitation has been published; patch 53aebe66170d545bb6265906fe4324e4477de8b4 is availabl...

8.8CVSS6.7AI score0.0034EPSS