VYPR

npm package

billboard.js

pkg:npm/billboard.js

Vulnerabilities (2)

  • CVE-2026-1513Jan 28, 2026
    affected < 3.18.0fixed 3.18.0

    billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.

  • CVE-2025-49223Jun 4, 2025
    affected < 3.15.1fixed 3.15.1

    billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.