VulnerableCode Package Details - pkg:npm/mapbox.js@1.3.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/mapbox.js@1.3.1

Essentials
History (4)

purl	pkg:npm/mapbox.js@1.3.1

Next non-vulnerable version	1.6.6
Latest non-vulnerable version	2.2.4
Risk	3.1

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-32zc-6prw-sugt Aliases: GMS-2015-37	Content Injection via TileJSON attribute Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.	1.6.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.1.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ewbm-urr8-c7h1 Aliases: CVE-2017-1000043 GHSA-q69p-5h74-w36f OSV-132871	Content Injection via TileJSON Name in mapbox.js	1.6.6 Affected by 0 other vulnerabilities. 2.2.4 Affected by 0 other vulnerabilities.
VCID-pvfk-ncbn-f3c2 Aliases: CVE-2017-1000042 GHSA-qr28-7j6p-9hmv OSV-129854	Content Injection via TileJSON attribute in mapbox.js	1.6.0-beta0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.6.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.6.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.1.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xxc2-d5xz-ybah Aliases: GMS-2016-6	Content Injection via TileJSON Name Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.	1.6.6 Affected by 0 other vulnerabilities. 2.2.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T16:53:31.349947+00:00	GitLab Importer	Affected by	VCID-ewbm-urr8-c7h1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/CVE-2017-1000043.yml	38.6.0
2026-06-12T16:49:26.241903+00:00	GitLab Importer	Affected by	VCID-xxc2-d5xz-ybah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/GMS-2016-6.yml	38.6.0
2026-06-12T16:48:55.893122+00:00	GitLab Importer	Affected by	VCID-32zc-6prw-sugt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/GMS-2015-37.yml	38.6.0
2026-06-12T15:39:50.041839+00:00	GitLab Importer	Affected by	VCID-pvfk-ncbn-f3c2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/CVE-2017-1000042.yml	38.6.0