CVE-2026-25587

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29.

Published Feb 6, 2026

https://github.com/advisories/GHSA-66h4-qj4x-38xp

CVSS ScoreCritical

10.0

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2026-25587

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29.

Published Feb 6, 2026

https://github.com/advisories/GHSA-66h4-qj4x-38xp

CVSS ScoreCritical

10.0


npm	@nyariv/sandboxjs	0.1.0
npm	@nyariv/sandboxjs	0.1.1
npm	@nyariv/sandboxjs	0.2.0
npm	@nyariv/sandboxjs	0.2.1
npm	@nyariv/sandboxjs	0.2.2
npm	@nyariv/sandboxjs	0.2.3
npm	@nyariv/sandboxjs	0.3.0
npm	@nyariv/sandboxjs	0.3.10
npm	@nyariv/sandboxjs	0.3.11
npm	@nyariv/sandboxjs	0.3.12
npm	@nyariv/sandboxjs	0.3.13
npm	@nyariv/sandboxjs	0.3.14
npm	@nyariv/sandboxjs	0.3.15
npm	@nyariv/sandboxjs	0.3.16
npm	@nyariv/sandboxjs	0.3.17
npm	@nyariv/sandboxjs	0.3.18
npm	@nyariv/sandboxjs	0.3.1
npm	@nyariv/sandboxjs	0.3.2
npm	@nyariv/sandboxjs	0.3.3
npm	@nyariv/sandboxjs	0.3.4
npm	@nyariv/sandboxjs	0.3.5
npm	@nyariv/sandboxjs	0.3.6
npm	@nyariv/sandboxjs	0.3.7
npm	@nyariv/sandboxjs	0.3.8
npm	@nyariv/sandboxjs	0.3.9
npm	@nyariv/sandboxjs	0.4.0
npm	@nyariv/sandboxjs	0.5.0
npm	@nyariv/sandboxjs	0.5.1
npm	@nyariv/sandboxjs	0.5.2
npm	@nyariv/sandboxjs	0.5.3
npm	@nyariv/sandboxjs	0.6.0
npm	@nyariv/sandboxjs	0.6.1
npm	@nyariv/sandboxjs	0.6.2
npm	@nyariv/sandboxjs	0.6.3
npm	@nyariv/sandboxjs	0.7.0
npm	@nyariv/sandboxjs	0.7.1
npm	@nyariv/sandboxjs	0.8.0
npm	@nyariv/sandboxjs	0.8.10
npm	@nyariv/sandboxjs	0.8.11
npm	@nyariv/sandboxjs	0.8.12
npm	@nyariv/sandboxjs	0.8.13
npm	@nyariv/sandboxjs	0.8.14
npm	@nyariv/sandboxjs	0.8.15
npm	@nyariv/sandboxjs	0.8.16
npm	@nyariv/sandboxjs	0.8.17
npm	@nyariv/sandboxjs	0.8.18
npm	@nyariv/sandboxjs	0.8.19
npm	@nyariv/sandboxjs	0.8.1
npm	@nyariv/sandboxjs	0.8.20
npm	@nyariv/sandboxjs	0.8.21

Ecosystem	Package	Version


npm	@nyariv/sandboxjs	0.1.0
npm	@nyariv/sandboxjs	0.1.1
npm	@nyariv/sandboxjs	0.2.0
npm	@nyariv/sandboxjs	0.2.1
npm	@nyariv/sandboxjs	0.2.2
npm	@nyariv/sandboxjs	0.2.3
npm	@nyariv/sandboxjs	0.3.0
npm	@nyariv/sandboxjs	0.3.10
npm	@nyariv/sandboxjs	0.3.11
npm	@nyariv/sandboxjs	0.3.12
npm	@nyariv/sandboxjs	0.3.13
npm	@nyariv/sandboxjs	0.3.14
npm	@nyariv/sandboxjs	0.3.15
npm	@nyariv/sandboxjs	0.3.16
npm	@nyariv/sandboxjs	0.3.17
npm	@nyariv/sandboxjs	0.3.18
npm	@nyariv/sandboxjs	0.3.1
npm	@nyariv/sandboxjs	0.3.2
npm	@nyariv/sandboxjs	0.3.3
npm	@nyariv/sandboxjs	0.3.4
npm	@nyariv/sandboxjs	0.3.5
npm	@nyariv/sandboxjs	0.3.6
npm	@nyariv/sandboxjs	0.3.7
npm	@nyariv/sandboxjs	0.3.8
npm	@nyariv/sandboxjs	0.3.9
npm	@nyariv/sandboxjs	0.4.0
npm	@nyariv/sandboxjs	0.5.0
npm	@nyariv/sandboxjs	0.5.1
npm	@nyariv/sandboxjs	0.5.2
npm	@nyariv/sandboxjs	0.5.3
npm	@nyariv/sandboxjs	0.6.0
npm	@nyariv/sandboxjs	0.6.1
npm	@nyariv/sandboxjs	0.6.2
npm	@nyariv/sandboxjs	0.6.3
npm	@nyariv/sandboxjs	0.7.0
npm	@nyariv/sandboxjs	0.7.1
npm	@nyariv/sandboxjs	0.8.0
npm	@nyariv/sandboxjs	0.8.10
npm	@nyariv/sandboxjs	0.8.11
npm	@nyariv/sandboxjs	0.8.12
npm	@nyariv/sandboxjs	0.8.13
npm	@nyariv/sandboxjs	0.8.14
npm	@nyariv/sandboxjs	0.8.15
npm	@nyariv/sandboxjs	0.8.16
npm	@nyariv/sandboxjs	0.8.17
npm	@nyariv/sandboxjs	0.8.18
npm	@nyariv/sandboxjs	0.8.19
npm	@nyariv/sandboxjs	0.8.1
npm	@nyariv/sandboxjs	0.8.20
npm	@nyariv/sandboxjs	0.8.21

Find vulnerabilities. Fix fast with AI.

CVE-2026-25587

CVE-2026-25587