Vulnerabilities > VM2 Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-21 | CVE-2023-37903 | OS Command Injection vulnerability in VM2 Project VM2 vm2 is an open source vm/sandbox for Node.js. | 10.0 |
| 2023-07-14 | CVE-2023-37466 | Unspecified vulnerability in VM2 Project VM2 vm2 is an advanced vm/sandbox for Node.js. | 10.0 |
| 2023-05-15 | CVE-2023-32313 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with Node's built-in modules. | 5.3 |
| 2023-05-15 | CVE-2023-32314 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with Node's built-in modules. | 10.0 |
| 2023-04-17 | CVE-2023-30547 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 10.0 |
| 2023-04-14 | CVE-2023-29199 | Unspecified vulnerability in VM2 Project VM2 There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. | 10.0 |
| 2023-04-06 | CVE-2023-29017 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 9.8 |
| 2022-12-21 | CVE-2022-25893 | Unspecified vulnerability in VM2 Project VM2 The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. | 9.8 |
| 2022-09-06 | CVE-2022-36067 | Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 10.0 |
| 2022-07-13 | CVE-2019-10761 | Uncontrolled Recursion vulnerability in VM2 Project VM2 This affects the package vm2 before 3.6.11. | 8.3 |