Serialize-to-js Project Serialize-to-js — known CVE vulnerabilities
Every CVE whose affected-product data names Serialize-to-js Project Serialize-to-js, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2017-5954 — CVSS 9.8 (critical): An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be…
CVE-2017-15871 — CVSS 7.5 (high): The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an…
CVE-2019-16772 — CVSS 3.1 (low): The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against…