pkg:npm/@nyariv/sandboxjs

All known vulnerabilities

• CRITICAL10.0CVE-2026-43898SandboxJS has a sandbox escape via Function.caller leakage of internal call op
  from 0, < 0.9.6
• CRITICAL10.0CVE-2026-34208SandboxJS: Sandbox integrity escape
  from 0, < 0.8.36
• CRITICAL10.0CVE-2026-26954SandboxJS affected by a Sandbox Escape
  from 0, < 0.8.34
• CRITICAL10.0CVE-2026-25641@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
  from 0, < 0.8.29
• CRITICAL10.0CVE-2026-25587@nyariv/sandboxjs has a Sandbox Escape vulnerability
  from 0, < 0.8.29
• CRITICAL10.0CVE-2026-25586@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
  from 0, < 0.8.29
• CRITICAL10.0CVE-2026-25520@nyariv/sandboxjs has a Sandbox Escape issue
  from 0, < 0.8.29
• CRITICAL10.0CVE-2026-25142SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE
  from 0, < 0.8.27
• CRITICAL10.0CVE-2026-23830SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
  from 0, < 0.8.26
• CRITICAL9.0CVE-2026-25881@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
  from 0, < 0.8.31
• —CVE-2026-34217SandboxJS: Sandbox Escape via Prop Object Leak in New Handler
  from 0, < 0.8.36
• —CVE-2026-34211SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
  from 0, < 0.8.36
• —CVE-2026-32723SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers
  from 0, < 0.8.35
• —CVE-2025-34146@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
  from 0, < 0.8.24