VYPR

npm package

@enclave-vm/core

pkg:npm/%40enclave-vm/core

Vulnerabilities (2)

  • CVE-2026-27597Feb 25, 2026
    affected < 2.11.1fixed 2.11.1

    Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.

  • CVE-2026-25533Feb 6, 2026
    affected < 2.10.1fixed 2.10.1

    Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cove