npm package
billboard.js
pkg:npm/billboard.js
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1513 | — | < 3.18.0 | 3.18.0 | Jan 28, 2026 | billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding. | ||
| CVE-2025-49223 | — | < 3.15.1 | 3.15.1 | Jun 4, 2025 | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. |
- CVE-2026-1513Jan 28, 2026affected < 3.18.0fixed 3.18.0
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.
- CVE-2025-49223Jun 4, 2025affected < 3.15.1fixed 3.15.1
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.