Ecosystem	Package	Version

Vulnerabilities

CVE-2026-1513

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.

Published Jan 29, 2026

https://cve.naver.com/detail/cve-2026-1513.html

CVSS ScoreMedium

6.1

Ecosystem	Package	Version


npm	billboard.js	0.0.1-alpha
npm	billboard.js	1.0.0
npm	billboard.js	1.0.1
npm	billboard.js	1.1.0
npm	billboard.js	1.1.1
npm	billboard.js	1.10.0-next.1
npm	billboard.js	1.10.0-next.2
npm	billboard.js	1.10.0
npm	billboard.js	1.10.1
npm	billboard.js	1.10.2
npm	billboard.js	1.11.0-next.1
npm	billboard.js	1.11.0-next.2
npm	billboard.js	1.11.0-next.3
npm	billboard.js	1.11.0-next.4
npm	billboard.js	1.11.0-next.5
npm	billboard.js	1.11.0-next.6
npm	billboard.js	1.11.0-next.7
npm	billboard.js	1.11.0
npm	billboard.js	1.11.1
npm	billboard.js	1.12.0-next.1
npm	billboard.js	1.12.0-next.2
npm	billboard.js	1.12.0-next.3
npm	billboard.js	1.12.0-next.4
npm	billboard.js	1.12.0-next.5
npm	billboard.js	1.12.0
npm	billboard.js	1.12.10
npm	billboard.js	1.12.11
npm	billboard.js	1.12.12
npm	billboard.js	1.12.1
npm	billboard.js	1.12.2
npm	billboard.js	1.12.3
npm	billboard.js	1.12.4
npm	billboard.js	1.12.5
npm	billboard.js	1.12.6
npm	billboard.js	1.12.7
npm	billboard.js	1.12.8
npm	billboard.js	1.12.9
npm	billboard.js	1.2.0
npm	billboard.js	1.3.0
npm	billboard.js	1.4.0
npm	billboard.js	1.4.1
npm	billboard.js	1.5.0
npm	billboard.js	1.5.1
npm	billboard.js	1.6.0-rc0
npm	billboard.js	1.6.0
npm	billboard.js	1.6.1-rc0
npm	billboard.js	1.6.1
npm	billboard.js	1.6.2-rc0
npm	billboard.js	1.6.2
npm	billboard.js	1.7.0

CVE-2026-1513 | Components Impacted | Sonatype Guide | Sonatype Guide