| CVE-2026-47141 |
unknown |
— |
— |
|
|
|
6d ago |
NodeVM observability builtins leak host process and HTTP request data |
| CVE-2026-47139 |
unknown |
— |
— |
|
|
|
6d ago |
NodeVM network builtin exclusions bypass via internal _http_client and _http_server |
| CVE-2026-47140 |
unknown |
— |
— |
|
|
|
6d ago |
NodeVM builtin denylist bypass via process and inspector/promises allows host code execution |
| CVE-2026-47210 |
unknown |
— |
— |
|
|
|
6d ago |
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass |
| CVE-2026-47137 |
unknown |
— |
— |
|
|
|
6d ago |
vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE |
| CVE-2026-47209 |
unknown |
— |
— |
|
|
|
6d ago |
vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain |
| CVE-2026-47135 |
unknown |
— |
— |
|
|
|
6d ago |
vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks |
| CVE-2026-47208 |
unknown |
— |
— |
|
|
|
6d ago |
vm2 is Vulnerable to Sandbox Breakout Through Promise Species |
| CVE-2026-47131 |
unknown |
— |
— |
|
|
|
6d ago |
vm2 has a Sandbox Escape issue |
