Package impact
npm / vm2
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44001 | high | 8.6 | 8.6 | 16d ago | vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) | |||
| CVE-2026-43998 | high | 8.5 | 8.5 | 16d ago | vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape | |||
| CVE-2026-44004 | high | 7.5 | 7.5 | 16d ago | vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion | |||
| CVE-2026-44000 | high | 7.2 | 7.2 | 16d ago | vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary | |||
| CVE-2026-44003 | medium | 5.8 | 5.8 | 16d ago | vm2's Transformer Fast-Path Bypass Exposes Internal State Variable | |||
| CVE-2026-44002 | medium | 5.8 | 5.8 | 16d ago | vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak |