Quickjs
by Quickjs Ng
Source repositories
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-37630 | Hig | 0.47 | 7.3 | 0.00 | May 11, 2026 | An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function | ||
| CVE-2026-0821 | Hig | 0.40 | 7.3 | 0.00 | Jan 10, 2026 | A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been… | ||
| CVE-2026-3979 | Med | 0.34 | 5.3 | 0.00 | Mar 12, 2026 | A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name:… | ||
| CVE-2026-1145 | Med | 0.34 | 6.3 | 0.00 | Jan 19, 2026 | A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has… | ||
| CVE-2026-1144 | Med | 0.34 | 6.3 | 0.00 | Jan 19, 2026 | A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be… | ||
| CVE-2026-0822 | Med | 0.34 | 6.3 | 0.00 | Jan 10, 2026 | A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available… | ||
| CVE-2025-62496 | 0.00 | — | 0.00 | Oct 16, 2025 | A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) required to store the… | |||
| CVE-2025-62495 | 0.00 | — | 0.00 | Oct 16, 2025 | An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\text{size}\_\text{t}$… | |||
| CVE-2025-62494 | 0.00 | — | 0.00 | Oct 16, 2025 | A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand operand is a string. * It then attempts to convert the right-hand operand to a primitive value using… | |||
| CVE-2025-62493 | 0.00 | — | 0.00 | Oct 16, 2025 | A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. * The function determines the… | |||
| CVE-2025-62492 | 0.00 | — | 0.00 | Oct 16, 2025 | A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negative fromIndex argument is supplied. * The fromIndex argument (read as a double variable, $d$) is used to… | |||
| CVE-2025-62491 | 0.00 | — | 0.00 | Oct 16, 2025 | A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list). * The function js_std_promise_rejection_check attempts to iterate over the… | |||
| CVE-2025-62490 | 0.00 | — | 0.00 | Oct 16, 2025 | In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get… | |||
| CVE-2025-46687 | 0.00 | — | 0.00 | Apr 27, 2025 | quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. | |||
| CVE-2025-46688 | 0.00 | — | 0.00 | Apr 27, 2025 | quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. | |||
| CVE-2024-13903 | 0.00 | — | 0.01 | Mar 21, 2025 | A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be… | |||
| CVE-2024-33263 | 0.00 | — | 0.00 | Apr 26, 2024 | QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. | |||
| CVE-2023-48184 | 0.00 | — | 0.00 | Apr 23, 2024 | QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. | |||
| CVE-2023-48183 | 0.00 | — | 0.01 | Apr 23, 2024 | QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval. |
- risk 0.47cvss 7.3epss 0.00
An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function
- risk 0.40cvss 7.3epss 0.00
A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been…
- risk 0.34cvss 5.3epss 0.00
A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name:…
- risk 0.34cvss 6.3epss 0.00
A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has…
- risk 0.34cvss 6.3epss 0.00
A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be…
- risk 0.34cvss 6.3epss 0.00
A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available…
- CVE-2025-62496Oct 16, 2025risk 0.00cvss —epss 0.00
A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) required to store the…
- CVE-2025-62495Oct 16, 2025risk 0.00cvss —epss 0.00
An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\text{size}\_\text{t}$…
- CVE-2025-62494Oct 16, 2025risk 0.00cvss —epss 0.00
A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand operand is a string. * It then attempts to convert the right-hand operand to a primitive value using…
- CVE-2025-62493Oct 16, 2025risk 0.00cvss —epss 0.00
A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. * The function determines the…
- CVE-2025-62492Oct 16, 2025risk 0.00cvss —epss 0.00
A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negative fromIndex argument is supplied. * The fromIndex argument (read as a double variable, $d$) is used to…
- CVE-2025-62491Oct 16, 2025risk 0.00cvss —epss 0.00
A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list). * The function js_std_promise_rejection_check attempts to iterate over the…
- CVE-2025-62490Oct 16, 2025risk 0.00cvss —epss 0.00
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get…
- CVE-2025-46687Apr 27, 2025risk 0.00cvss —epss 0.00
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
- CVE-2025-46688Apr 27, 2025risk 0.00cvss —epss 0.00
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
- CVE-2024-13903Mar 21, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be…
- CVE-2024-33263Apr 26, 2024risk 0.00cvss —epss 0.00
QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.
- CVE-2023-48184Apr 23, 2024risk 0.00cvss —epss 0.00
QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.
- CVE-2023-48183Apr 23, 2024risk 0.00cvss —epss 0.01
QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval.