CVE-2020-7660

CVE-2020-7660 affects the serialize-javascript package prior to 3.1.0, where the function named deleteFunctions in index.js can be abused by a remote attacker to inject arbitrary code. The vulnerability enables remote code execution with network access and no authentication, with potential for hi...

CVE-2019-16769

The CVE-2019-16769 issue affects the npm package serialize-javascript prior to version 2.1.1, which is vulnerable to Cross-site Scripting (XSS) due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward sla...