npm package
plotly.js
pkg:npm/plotly.js
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46308 | — | < 2.25.2 | 2.25.2 | Jan 3, 2024 | In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. | ||
| CVE-2017-1000006 | Med | 6.1 | < 1.16.0 | 1.16.0 | Jul 17, 2017 | Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue. |
- CVE-2023-46308Jan 3, 2024affected < 2.25.2fixed 2.25.2
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
- affected < 1.16.0fixed 1.16.0
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.