| CVE-2026-43898 |
critical |
10.0 |
10.0 |
|
|
|
24d ago |
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca… |
| CVE-2026-34217 |
unknown |
— |
— |
|
|
|
2mo ago |
SandboxJS: Sandbox Escape via Prop Object Leak in New Handler |
| CVE-2026-34211 |
unknown |
— |
— |
|
|
|
2mo ago |
SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser |
| CVE-2026-34208 |
unknown |
— |
— |
|
|
|
2mo ago |
SandboxJS: Sandbox integrity escape |
| CVE-2026-32723 |
unknown |
— |
— |
|
|
|
3mo ago |
SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers |
| CVE-2026-26954 |
unknown |
— |
— |
|
|
|
3mo ago |
SandboxJS affected by a Sandbox Escape |
| CVE-2026-25881 |
unknown |
— |
— |
|
|
|
4mo ago |
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape) |
| CVE-2026-25641 |
unknown |
— |
— |
|
|
|
4mo ago |
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses |
| CVE-2026-25587 |
unknown |
— |
— |
|
|
|
4mo ago |
@nyariv/sandboxjs has a Sandbox Escape vulnerability |
| CVE-2026-25586 |
unknown |
— |
— |
|
|
|
4mo ago |
@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution |
| CVE-2026-25520 |
unknown |
— |
— |
|
|
|
4mo ago |
@nyariv/sandboxjs has a Sandbox Escape issue |
| CVE-2026-25142 |
unknown |
— |
— |
|
|
|
4mo ago |
SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE |
| CVE-2026-23830 |
unknown |
— |
— |
|
|
|
4mo ago |
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor |
| CVE-2025-34146 |
unknown |
— |
— |
|
|
|
10mo ago |
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE |
