@nyariv/sandboxjs
npm · 11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @nyariv/sandboxjs (page 1 of 1)
- CVE-2025-34146 | HIGH | CVSS 7.0 | EG 0.0 | ✓ Fixed in 0.8.24 | 2025-07-31
  A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition…
- CVE-2026-23830 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.26 | 2026-01-28
  SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the glob…
- CVE-2026-25142 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.27 | 2026-02-02
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not properly restrict __lookupGetter__, which can be used to obtain prototypes, which can in turn be used for escaping the sandbox / remote code execution. This vulnerabil…
- CVE-2026-25520 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.29 | 2026-02-06
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, the return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at …
- CVE-2026-25586 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.29 | 2026-02-06
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct ac…
- CVE-2026-25587 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.29 | 2026-02-06
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOTYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.2…
- CVE-2026-25641 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.29 | 2026-02-06
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key us…
- CVE-2026-25881 | CRITICAL | CVSS 9.0 | EG 9.0 | ✓ Fixed in 0.8.31 | 2026-02-09
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a …
- CVE-2026-34208 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 0.8.36 | 2026-04-06
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.con…
- CVE-2026-34211 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.8.36 | 2026-04-06
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parse…
- CVE-2026-34217 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 0.8.36 | 2026-04-06
  SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator,…