High severity · OSV Advisory · Published Jan 28, 2026 · Updated Jan 29, 2026
CVE-2026-1513
Description
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| billboard.js (npm) | < 3.18.0 | 3.18.0 |
Affected products (3)
- Range: 1.10.0, 1.10.1, 1.9.0, …
- ghsa-coords (2 versions): < 3.18.0, + 1 more
- (no CPE) range: < 3.18.0
- (no CPE) range: < 1.2.30+git231.bca15e70c-1.1
References (5)
- cve.naver.com/detail/cve-2026-1513.html (ghsa, vendor-advisory, WEB)
- github.com/advisories/GHSA-rpc5-pm7q-hjmp (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-1513 (ghsa, ADVISORY)
- github.com/naver/billboard.js/commit/49e079cdd466fc8ba7ab208988181e5b7a5f336b (ghsa, WEB)
- github.com/naver/billboard.js/issues/4078 (ghsa, WEB)