Every CVE whose affected-product data names Nyariv Sandboxjs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2026-23830 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being…
CVE-2026-25142 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to…
CVE-2026-25520 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries…
CVE-2026-25586 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox…
CVE-2026-25587 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via…
CVE-2026-25641 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on…
CVE-2026-26954 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping…
CVE-2026-34208 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example…
CVE-2026-43898 — CVSS 10.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to…
CVE-2026-25881 — CVSS 9.0 (critical): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in…
CVE-2026-34211 — CVSS 7.5 (high): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp…
CVE-2026-34217 — CVSS 7.2 (high): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The…
CVE-2026-32723 — CVSS 4.7 (medium): SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state…