VYPR

Quickjs

by Quickjs Project

CVEs (4)

  • CVE-2025-69654HigMar 6, 2026
    risk 0.49cvss 7.5epss 0.00

    A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in…

  • CVE-2025-69653MedMar 6, 2026
    risk 0.42cvss 6.5epss 0.00

    A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads…

  • CVE-2025-46688MedApr 27, 2025
    risk 0.00cvss 5.6epss 0.00

    quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

  • CVE-2025-46687MedApr 27, 2025
    risk 0.00cvss 5.6epss 0.00

    quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

VYPR — Vulnerability Intelligence