isolated-vm

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting isolated-vmpage 1 of 1

CVE-2021-21413HIGHCVSS 8.0EG 8.0✓ Fixed in 4.0.0
2021-03-30
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of …
CVE-2022-39266CRITICALCVSS 9.6EG 9.6✓ Fixed in 4.3.7
2022-09-29
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and ru…

Check whether isolated-vm is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for isolated-vm CVEs against the assets you own.

Start Free Scan →