VIR Vulnerability Intelligence Relay

Package impact

npm npm / vm2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44006 critical 10.0 10.0 14d ago vm2 has a Sandbox Escape Vulnerability npm
CVE-2026-44005 critical 10.0 10.0 14d ago vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape npm
CVE-2026-43997 critical 10.0 10.0 14d ago vm2 Access to Host Object Enables Sandbox Escape npm
CVE-2026-26332 critical 10.0 10.0 23d ago VM2 Has a Sandbox Escape Issue via SuppressedError npm
CVE-2026-43999 critical 9.9 9.9 14d ago vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape npm
CVE-2026-45411 critical 9.8 9.8 14d ago vm2 Has a Sandbox Breakout Using Async Generator npm
CVE-2026-44009 critical 9.8 9.8 14d ago vm2 has Sandbox Breakout Through Null Proto Exception npm
CVE-2026-44008 critical 9.8 9.8 14d ago vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` npm
CVE-2026-26956 critical 9.8 9.8 23d ago VM2 Has a WASM Sandbox Escape (Node 25 only) npm
CVE-2026-24781 critical 9.8 9.8 23d ago VM2 Has Sandbox Breakout Through Inspect Function npm
CVE-2026-24120 critical 9.8 9.8 23d ago VM2 Has Sandbox Breakout Through Promise Species npm
CVE-2026-24118 critical 9.8 9.8 23d ago VM2 Sandbox Breakout Through __lookupGetter__ npm
CVE-2026-44007 critical 9.1 9.1 14d ago vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution npm
CVE-2026-44001 high 8.6 8.6 14d ago vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) npm
CVE-2026-43998 high 8.5 8.5 14d ago vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape npm
CVE-2026-44004 high 7.5 7.5 14d ago vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion npm
CVE-2026-44000 high 7.2 7.2 14d ago vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary npm
CVE-2026-44003 medium 5.8 5.8 14d ago vm2's Transformer Fast-Path Bypass Exposes Internal State Variable npm
CVE-2026-44002 medium 5.8 5.8 14d ago vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak npm
CVE-2026-22709 unknown 4mo ago vm2 has a Sandbox Escape npm
CVE-2023-37466 unknown 3y ago vm2 Sandbox Escape vulnerability npm
CVE-2023-37903 unknown 3y ago vm2 Sandbox Escape vulnerability npm
CVE-2023-32313 unknown 3y ago vm2 vulnerable to Inspect Manipulation npm
CVE-2023-32314 unknown 3y ago vm2 Sandbox Escape vulnerability npm
CVE-2023-30547 unknown 3y ago vm2 Sandbox Escape vulnerability npm
CVE-2023-29199 unknown 3y ago vm2 Sandbox Escape vulnerability npm
CVE-2023-29017 unknown 3y ago vm2 vulnerable to sandbox escape npm
CVE-2022-25893 unknown 4y ago vm2 vulnerable to Arbitrary Code Execution npm
CVE-2022-36067 unknown 4y ago vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host npm
CVE-2019-10761 unknown 4y ago vm2 before 3.6.11 vulnerable to sandbox escape npm
CVE-2021-23555 unknown 4y ago Sandbox bypass in vm2 npm
CVE-2021-23449 unknown 5y ago Prototype Pollution in vm2 npm