@nyariv/sandboxjs

13 known vulnerabilities · 1 critical · 2 high

@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses

Published Feb 5, 2026

SandboxJS affected by a Sandbox Escape

Published Mar 13, 2026

SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE

Published Feb 2, 2026

@nyariv/sandboxjs has a Sandbox Escape vulnerability

Published Feb 5, 2026

Risk: 50.42/100

SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Published Apr 3, 2026

SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Published Mar 16, 2026

@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE

Published Jul 31, 2025

@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)

Published Feb 10, 2026

Risk: 44.85/100

SandboxJS: Sandbox Escape via Prop Object Leak in New Handler

Published Apr 3, 2026

@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution

Published Feb 5, 2026

Risk: 69.3/100

SandboxJS: Sandbox integrity escape

Published Apr 3, 2026

@nyariv/sandboxjs has a Sandbox Escape issue

Published Feb 5, 2026

SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor

Published Jan 27, 2026

Check your entire dependency tree at onceRun dependency scan →