Vulnerabilities > VM2 Project > VM2 > 3.9.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-21 | CVE-2023-37903 | OS Command Injection vulnerability in VM2 Project VM2 vm2 is an open source vm/sandbox for Node.js. | 10.0 |
| 2023-07-14 | CVE-2023-37466 | Code Injection vulnerability in VM2 Project VM2 vm2 is an advanced vm/sandbox for Node.js. | 10.0 |
| 2023-05-15 | CVE-2023-32313 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with Node's built-in modules. | 5.3 |
| 2023-05-15 | CVE-2023-32314 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with Node's built-in modules. | 10.0 |
| 2023-04-17 | CVE-2023-30547 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 10.0 |
| 2023-04-14 | CVE-2023-29199 | Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2 There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. | 10.0 |
| 2022-09-06 | CVE-2022-36067 | Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 10.0 |