Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45411 |
|
Vulnerability in vm2 (CVE-2026-45411)
vulnerability in vm2 (CVE-2026-45411). Successful exploitation can lead to full system takeover. Exploitable via ``return``. Mitigation: upgrade to `3.11.3` or later.
|
| CVE-2026-44007 |
|
Vulnerability in vm2 (CVE-2026-44007)
vulnerability in vm2 (CVE-2026-44007). Successful exploitation can lead to full system takeover. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.1` or later.
|
| CVE-2026-44006 |
|
Code Injection in vm2 (CVE-2026-44006)
code injection in vm2 (CVE-2026-44006). Successful exploitation can lead to full system takeover. Exploitable via ``BaseHandler.getPrototypeOf``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44004 |
|
Vulnerability in vm2 (CVE-2026-44004)
vulnerability in vm2 (CVE-2026-44004). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer.alloc``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44005 |
|
Code Injection in vm2 (CVE-2026-44005)
code injection in vm2 (CVE-2026-44005). Data can be tampered with by attackers. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43997 |
|
Code Injection in vm2 (CVE-2026-43997)
code injection in vm2 (CVE-2026-43997). Successful exploitation can lead to full system takeover. Exploitable via ``Object``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43998 |
|
Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43999 |
|
Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44000 |
|
Vulnerability in vm2 (CVE-2026-44000)
vulnerability in vm2 (CVE-2026-44000). Risk of unauthorized operations or information disclosure. Exploitable via ``WeakMap``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44001 |
|
Vulnerability in vm2 (CVE-2026-44001)
vulnerability in vm2 (CVE-2026-44001). Risk of unauthorized operations or information disclosure. Exploitable via ``onRejected``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44002 |
|
Vulnerability in vm2 (CVE-2026-44002)
vulnerability in vm2 (CVE-2026-44002). Risk of unauthorized operations or information disclosure. Exploitable via ``CallSite``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44003 |
|
Vulnerability in vm2 (CVE-2026-44003)
vulnerability in vm2 (CVE-2026-44003). Risk of unauthorized operations or information disclosure. Exploitable via ``catch``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44009 |
|
Vulnerability in vm2 (CVE-2026-44009)
vulnerability in vm2 (CVE-2026-44009). Successful exploitation can lead to full system takeover. Exploitable via ``handleException``. Mitigation: upgrade to `3.11.2` or later.
|
| CVE-2026-44008 |
|
Vulnerability in vm2 (CVE-2026-44008)
vulnerability in vm2 (CVE-2026-44008). Successful exploitation can lead to full system takeover. Exploitable via ``neutralizeArraySpeciesBatch``. Mitigation: upgrade to `3.11.2` or later.
|
| CVE-2026-26332 |
|
Code Injection in vm2-project (CVE-2026-26332)
code injection in vm2-project (CVE-2026-26332). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26956 |
|
Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
|
| CVE-2026-24781 |
|
Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
|
| CVE-2026-24120 |
|
Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
|
| CVE-2026-24118 |
|
Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
|