serialize-javascript
npm · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting serialize-javascript
- CVE-2019-16769 · MEDIUM · CVSS 4.2 · EG 4.2 · ✓ Fixed in 2.1.1 · 2019-12-05
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js…
- CVE-2020-7660 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 3.1.0 · 2020-06-01
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
- CVE-2024-11831 · MEDIUM · CVSS 5.4 · EG 5.4 · ✓ Fixed in 6.0.2 · 2025-02-10
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malici…
- CVE-2026-34043 · MEDIUM · CVSS 5.9 · EG 5.9 · ✓ Fixed in 7.0.5 · 2026-03-31
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like…