VYPR

Vendor CVEs

Jsish

All CVEs

53 total · sorted by risk
  • CVE-2024-24189CriFeb 7, 2024
    risk 0.64cvss 9.8epss 0.01

    Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.

  • CVE-2024-24188CriFeb 7, 2024
    risk 0.64cvss 9.8epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.

  • CVE-2024-24186CriFeb 7, 2024
    risk 0.64cvss 9.8epss 0.01

    Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.

  • CVE-2019-1010177CriJul 24, 2019
    risk 0.64cvss 9.8epss 0.02

    Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit…

  • CVE-2021-46483HigJan 25, 2022
    risk 0.51cvss 7.8epss 0.01

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.

  • CVE-2021-46482HigJan 25, 2022
    risk 0.51cvss 7.8epss 0.01

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.

  • CVE-2020-23260HigApr 4, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.

  • CVE-2020-23259HigApr 4, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.

  • CVE-2020-23258HigApr 4, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.

  • CVE-2020-22907HigJul 13, 2021
    risk 0.49cvss 7.5epss 0.02

    Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.

  • CVE-2019-1010172HigJul 25, 2019
    risk 0.49cvss 7.5epss 0.01

    Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit…

  • CVE-2019-1010173HigJul 23, 2019
    risk 0.49cvss 7.5epss 0.01

    Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit…

  • CVE-2019-1010171HigJul 23, 2019
    risk 0.49cvss 7.5epss 0.01

    Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.

  • CVE-2019-1010170HigJul 23, 2019
    risk 0.49cvss 7.5epss 0.01

    Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.

  • CVE-2019-1010169HigJul 23, 2019
    risk 0.49cvss 7.5epss 0.01

    Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.

  • CVE-2018-1000668MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.01

    jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This…

  • CVE-2018-1000663MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.01

    jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code.

  • CVE-2018-1000661MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.01

    jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability…

  • CVE-2018-1000655MedAug 20, 2018
    risk 0.42cvss 6.5epss 0.01

    Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to…

  • CVE-2021-46507MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.

  • CVE-2021-46506MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0.

  • CVE-2021-46505MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5.

  • CVE-2021-46504MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0.

  • CVE-2021-46503MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46502MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46501MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46500MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46499MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46498MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46497MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46496MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46495MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46494MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46492MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46491MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46490MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46489MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46488MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46487MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46486MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46485MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46484MedJan 27, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46481MedJan 25, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.

  • CVE-2021-46480MedJan 25, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46478MedJan 25, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46477MedJan 25, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46475MedJan 25, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-46474MedJan 25, 2022
    risk 0.36cvss 5.5epss 0.01

    Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2019-1010162MedJul 23, 2019
    risk 0.36cvss 5.5epss 0.01

    jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77.

  • CVE-2025-65570Dec 29, 2025
    risk 0.00cvss epss 0.00

    A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array…

Page 1 of 2