Every CVE whose affected-product data names Naver Billboard.js, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-49223 — CVSS 9.8 (critical): billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to…
CVE-2026-1513 — CVSS 6.1 (medium): billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.