Security: nyariv/SandboxJS
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Prop Object Leak in New HandlerGHSA-hg73-4w7g-q96w published
Apr 3, 2026 by nyarivModerate -
Stack overflow DoS via deeply nested expressions in recursive descent parserGHSA-8pfc-jjgw-6g26 published
Apr 3, 2026 by nyarivModerate -
Sandbox integrity escapeGHSA-2gg9-6p7w-6cpj published
Apr 3, 2026 by nyarivCritical -
Execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timersGHSA-7p5m-xrh7-769r published
Mar 14, 2026 by nyarivModerate -
Sandbox EscapeGHSA-6r9f-759j-hjgv published
Mar 13, 2026 by nyarivCritical -
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)GHSA-ww7g-4gwx-m7wj published
Feb 8, 2026 by nyarivCritical -
Sandbox escape via TOCTOU bug on keys in property accessesGHSA-7x3h-rm86-3342 published
Feb 5, 2026 by nyarivCritical -
Sandbox Escape via Prototype Whitelist Bypass and Host Prototype PollutionGHSA-jjpw-65fv-8g48 published
Feb 5, 2026 by nyarivCritical -
Sandbox EscapeGHSA-66h4-qj4x-38xp published
Feb 5, 2026 by nyarivCritical -
Sandbox EscapeGHSA-58jh-xv4v-pcx4 published
Feb 5, 2026 by nyarivCritical
Learn more about advisories related to nyariv/SandboxJS in the GitHub Advisory Database