Package impact
npm / vm2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44001 | high | 8.6 | 8.6 | 15d ago | vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) | |
| CVE-2026-43998 | high | 8.5 | 8.5 | 15d ago | vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape | |
| CVE-2026-44004 | high | 7.5 | 7.5 | 15d ago | vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion | |
| CVE-2026-44000 | high | 7.2 | 7.2 | 15d ago | vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary | |
| CVE-2026-44003 | medium | 5.8 | 5.8 | 15d ago | vm2's Transformer Fast-Path Bypass Exposes Internal State Variable | |
| CVE-2026-44002 | medium | 5.8 | 5.8 | 15d ago | vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak |