Security: nyariv/SandboxJS
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timersGHSA-7p5m-xrh7-769r published
Mar 14, 2026 by nyarivModerate -
Sandbox EscapeGHSA-6r9f-759j-hjgv published
Mar 13, 2026 by nyarivCritical -
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)GHSA-ww7g-4gwx-m7wj published
Feb 8, 2026 by nyarivCritical -
Sandbox escape via TOCTOU bug on keys in property accessesGHSA-7x3h-rm86-3342 published
Feb 5, 2026 by nyarivCritical -
Sandbox Escape via Prototype Whitelist Bypass and Host Prototype PollutionGHSA-jjpw-65fv-8g48 published
Feb 5, 2026 by nyarivCritical -
Sandbox EscapeGHSA-66h4-qj4x-38xp published
Feb 5, 2026 by nyarivCritical -
Sandbox EscapeGHSA-58jh-xv4v-pcx4 published
Feb 5, 2026 by nyarivCritical -
Prototype Pollution -> Sandbox Escape -> RCEGHSA-9p4w-fq8m-2hp7 published
Jan 31, 2026 by nyarivCritical -
Sandbox EscapeGHSA-wxhw-j4hc-fmq6 published
Jan 27, 2026 by nyarivCritical
Learn more about advisories related to nyariv/SandboxJS in the GitHub Advisory Database