| purl | pkg:npm/financejs@4.1.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-5a2g-w8a9-2uda (Aliases: CVE-2025-56572, GHSA-5q7q-p8pc-782h) | Finance.js vulnerable to DoS via the seekZero() parameter. An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter. | There are no reported fixed by versions. |
| VCID-7t6j-w5wa-zycf (Aliases: CVE-2025-56571, GHSA-f8r4-mf27-rf7m) | Finance.js vulnerable to DoS via the IRR function’s depth parameter. Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T01:05:23.817830+00:00 | GHSA Importer | Affected by | VCID-7t6j-w5wa-zycf | https://github.com/advisories/GHSA-f8r4-mf27-rf7m | 38.6.0 |
| 2026-05-31T01:05:23.744643+00:00 | GHSA Importer | Affected by | VCID-5a2g-w8a9-2uda | https://github.com/advisories/GHSA-5q7q-p8pc-782h | 38.6.0 |
| 2026-05-30T21:04:16.925399+00:00 | GitLab Importer | Affected by | VCID-5a2g-w8a9-2uda | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/financejs/CVE-2025-56572.yml | 38.6.0 |
| 2026-05-30T21:04:16.268521+00:00 | GitLab Importer | Affected by | VCID-7t6j-w5wa-zycf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/financejs/CVE-2025-56571.yml | 38.6.0 |