Jsish
by Jsish
Source repositories
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-46485 | Med | 0.36 | 5.5 | 0.01 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | ||
| CVE-2021-46484 | Med | 0.36 | 5.5 | 0.01 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | ||
| CVE-2021-46481 | Med | 0.36 | 5.5 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c. | ||
| CVE-2021-46480 | Med | 0.36 | 5.5 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | ||
| CVE-2021-46478 | Med | 0.36 | 5.5 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | ||
| CVE-2021-46477 | Med | 0.36 | 5.5 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS). | ||
| CVE-2021-46475 | Med | 0.36 | 5.5 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | ||
| CVE-2021-46474 | Med | 0.36 | 5.5 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS). | ||
| CVE-2019-1010162 | Med | 0.36 | 5.5 | 0.01 | Jul 23, 2019 | jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77. | ||
| CVE-2025-65570 | 0.00 | — | 0.00 | Dec 29, 2025 | A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array… | |||
| CVE-2020-22875 | Cri | 0.00 | 9.8 | 0.03 | Jul 13, 2021 | Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. | ||
| CVE-2020-22874 | Cri | 0.00 | 9.8 | 0.03 | Jul 13, 2021 | Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code. | ||
| CVE-2020-22873 | Cri | 0.00 | 9.8 | 0.02 | Jul 13, 2021 | Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code. |
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS).
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).
- risk 0.36cvss 5.5epss 0.01
jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77.
- CVE-2025-65570Dec 29, 2025risk 0.00cvss —epss 0.00
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array…
- risk 0.00cvss 9.8epss 0.03
Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.
- risk 0.00cvss 9.8epss 0.03
Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.
- risk 0.00cvss 9.8epss 0.02
Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.
Page 3 of 3