Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

vm2

npm

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.

View on github.com · View on npmjs.org

Security Advisories for vm2 in npm

Moderate
14 days ago

NodeVM observability builtins leak host process and HTTP request data GSA_kwCzR0hTQS05Zzh4LTkycTItcDI4Zs4ABXvA

npm vm2
High
14 days ago

NodeVM network builtin exclusions bypass via internal _http_client and _http_server GSA_kwCzR0hTQS1yOXBtLWd4bXctd3Y2cM4ABXu_

npm vm2
Critical
14 days ago

NodeVM builtin denylist bypass via process and inspector/promises allows host code execution GSA_kwCzR0hTQS1ycDM2LTh4cTMtcjZjNM4ABXu-

npm vm2
Critical
14 days ago

vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass GSA_kwCzR0hTQS02ajJ4LXZocXItcXI3cc4ABXu7

npm vm2
Critical
14 days ago

vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE GSA_kwCzR0hTQS1tNHd4LW02NXgtZ2hycs4ABXu6

npm vm2
High
14 days ago

vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain GSA_kwCzR0hTQS1jNGNmLTJoZ3YtMnF2Ns4ABXu5

npm vm2
High
14 days ago

vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks GSA_kwCzR0hTQS1tNXEyLTRmbTMtdmZxcM4ABXu4

npm vm2
Critical
14 days ago

vm2 is Vulnerable to Sandbox Breakout Through Promise Species GSA_kwCzR0hTQS03Nnc3LWo5Y3Etcngyas4ABXu3

npm vm2
Low
14 days ago

vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter GSA_kwCzR0hTQS1xM2ZtLTR3Y3ctZzU3eM4ABXu2

npm vm2
Critical
14 days ago

vm2 has a Sandbox Escape issue GSA_kwCzR0hTQS12Nm14LW1mNDctcjV3Z84ABXu1

npm vm2
Critical
29 days ago

vm2 Has a Sandbox Breakout Using Async Generator GSA_kwCzR0hTQS0yNDhyLTdoN3EtY3IyNM4ABW5f

npm vm2
Moderate
about 1 month ago

vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` GSA_kwCzR0hTQS0yY20yLW0zdzUtZ3AyZs4ABWfF

npm vm2
Critical
about 1 month ago

vm2 has Sandbox Breakout Through Null Proto Exception GSA_kwCzR0hTQS05dmczLTRyZmotd2djbc4ABWfE

npm vm2
Critical
about 1 month ago

vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` GSA_kwCzR0hTQS05cWo2LXFqZ2ctMzdxcc4ABWfD

npm vm2
Critical
about 1 month ago

vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution GSA_kwCzR0hTQS04aGc4LTYzYzUtZ3dteM4ABWYS

npm vm2
High
about 1 month ago

vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape GSA_kwCzR0hTQS1jcDZnLTY2OTktd3g5Y84ABWYR

npm vm2
Moderate
about 1 month ago

vm2's Transformer Fast-Path Bypass Exposes Internal State Variable GSA_kwCzR0hTQS13cDVyLTJndzUtbTdxN84ABWYQ

npm vm2
Moderate
about 1 month ago

vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak GSA_kwCzR0hTQS12MjdnLWpjcWotdjhyd84ABWYP

npm vm2
Moderate
about 1 month ago

vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary GSA_kwCzR0hTQS1tcGY4LTRoeDItN2NqZ84ABWYO

npm vm2
High
about 1 month ago

vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion GSA_kwCzR0hTQS02Nzg1LXB2djctbXZnN84ABWYN

npm vm2
High
about 1 month ago

vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) GSA_kwCzR0hTQS1odzU4LXA5eHYtMm1qaM4ABWYM

npm vm2
Critical
about 1 month ago

vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape GSA_kwCzR0hTQS05NDdmLTR2N2YteDJ2OM4ABWYL

npm vm2
Critical
about 1 month ago

vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape GSA_kwCzR0hTQS12d3JwLXg5NmMtbWh3cc4ABWYK

npm vm2
Critical
about 1 month ago

vm2 Access to Host Object Enables Sandbox Escape GSA_kwCzR0hTQS00N3g4LTk2dnctNXdnNs4ABWYJ

npm vm2
Critical
about 1 month ago

vm2 has a Sandbox Escape Vulnerability GSA_kwCzR0hTQS1xY3A0LXYyamotZmp4OM4ABWYI

npm vm2
Critical
about 1 month ago

VM2 Has a WASM Sandbox Escape GSA_kwCzR0hTQS1mZmg0LWo2aDUtcGc2Ns4ABWLY

npm vm2
Critical
about 1 month ago

VM2 Has a Sandbox Escape Issue via SuppressedError GSA_kwCzR0hTQS01NWh4LWM5MjYtZnI5Nc4ABWLX

npm vm2
Critical
about 1 month ago

VM2 Has Sandbox Breakout Through Inspect Function GSA_kwCzR0hTQS12MzdoLTVtZm0tYzQ3Y84ABWLW

npm vm2
Critical
about 1 month ago

VM2 Has Sandbox Breakout Through Promise Species GSA_kwCzR0hTQS1xdmpqLTI5cWYtaHA3cM4ABWLU

npm vm2
Critical
about 1 month ago

VM2 Sandbox Breakout Through __lookupGetter__ GSA_kwCzR0hTQS1ncmo1LWpqbTgtaDM1cM4ABWHy

npm vm2
Critical
5 months ago

vm2 has a Sandbox Escape GSA_kwCzR0hTQS05OXA3LTZ2NXctN3hnOM4ABRlH

npm vm2
Critical
almost 3 years ago

vm2 Sandbox Escape vulnerability GSA_kwCzR0hTQS1jY2hxLWZyZ3YtcmpoNc4AA0sM

npm vm2
Critical
almost 3 years ago

vm2 Sandbox Escape vulnerability GSA_kwCzR0hTQS1nNjQ0LTlnZngtcTRxNM4AA0sL

npm vm2
Moderate
about 3 years ago

vm2 vulnerable to Inspect Manipulation GSA_kwCzR0hTQS1wNWdjLWM1ODQtamo2ds4AAzXv

npm vm2
Critical
about 3 years ago

vm2 Sandbox Escape vulnerability GSA_kwCzR0hTQS13aHBqLThmM3ctNjdwNc4AAzV1

npm vm2
Critical
about 3 years ago

vm2 Sandbox Escape vulnerability GSA_kwCzR0hTQS1jaDNyLWo1eDMtNnEybc4AAy46

npm vm2
Critical
about 3 years ago

vm2 Sandbox Escape vulnerability GSA_kwCzR0hTQS14ajcyLXd2ZnYtODk4Nc4AAyu7

npm vm2
Critical
about 3 years ago

vm2 vulnerable to sandbox escape GSA_kwCzR0hTQS03anhyLWNnN2YtZ3Bnds4AAyoQ

npm vm2
Critical
over 3 years ago

vm2 vulnerable to Arbitrary Code Execution GSA_kwCzR0hTQS00dzJqLTJyZzQtNW1qd84AAweA

npm vm2
Critical
over 3 years ago

vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host GSA_kwCzR0hTQS1tcmdwLW1yaGMtNWpycc4AAvGK

npm vm2
High
almost 4 years ago

vm2 before 3.6.11 vulnerable to sandbox escape GSA_kwCzR0hTQS13ZjV4LWNyM3IteHI3N84AAtYt

npm vm2
Critical
over 4 years ago

Sandbox bypass in vm2 GSA_kwCzR0hTQS02cHcyLTVoanYtOXBmN80rFg

npm vm2
Critical
over 4 years ago

Prototype Pollution in vm2 GSA_kwCzR0hTQS1yamYyLWoycjYtcThncs0Wlw

npm vm2

Filter by Severity

Critical 29 High 7 Moderate 6 Low 1