VIR Vulnerability Intelligence Relay

Package impact

npm npm / vm2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44001 high 8.6 8.6 15d ago vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) npm
CVE-2026-43998 high 8.5 8.5 15d ago vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape npm
CVE-2026-44004 high 7.5 7.5 15d ago vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion npm
CVE-2026-44000 high 7.2 7.2 15d ago vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary npm