vm2 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-47141 | Medium | vm2: NodeVM observability builtins leak host process and HTTP request data |
| CVE-2026-47139 | High | vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server |
| CVE-2026-47140 | Critical | vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution |
| CVE-2026-47210 | Critical | vm2: vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass |
| CVE-2026-47137 | Critical | vm2: vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE |
| CVE-2026-47209 | High | vm2: vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via… |
| CVE-2026-47135 | High | vm2: vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap… |
| CVE-2026-47208 | Critical | vm2: vm2 is Vulnerable to Sandbox Breakout Through Promise Species |
| GHSA-Q3FM-4WCW-G57X | Low | vm2: vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter |
| CVE-2026-47131 | Critical | vm2: vm2 has a Sandbox Escape issue |
| CVE-2026-45411 | Critical | vm2: vm2 Has a Sandbox Breakout Using Async Generator |
| GHSA-2CM2-M3W5-GP2F | Medium | vm2: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` |
| CVE-2026-44009 | Critical | vm2: vm2 has Sandbox Breakout Through Null Proto Exception |
| CVE-2026-44008 | Critical | vm2: vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` |
| CVE-2026-44007 | Critical | vm2: vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS… |
| CVE-2026-43998 | High | vm2: vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape |
| CVE-2026-44003 | Medium | vm2: vm2's Transformer Fast-Path Bypass Exposes Internal State Variable |
| CVE-2026-44002 | Medium | vm2: vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak |
| CVE-2026-44000 | Medium | vm2: vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary |
| CVE-2026-44004 | High | vm2: vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion |
| CVE-2026-44001 | High | vm2: vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) |
| CVE-2026-43999 | Critical | vm2: vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox… |
| CVE-2026-44005 | Critical | vm2: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape |
| CVE-2026-43997 | Critical | vm2: vm2 Access to Host Object Enables Sandbox Escape |
| CVE-2026-44006 | Critical | vm2: vm2 has a Sandbox Escape Vulnerability |
