Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/mapbox.js@1.6.3
purl pkg:npm/mapbox.js@1.6.3
Next non-vulnerable version 1.6.6
Latest non-vulnerable version 2.2.4
Risk
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-4eaj-9htz-duc1
Aliases:
CVE-2017-1000043
GHSA-q69p-5h74-w36f
OSV-132871
Cross-site Scripting Mapbox is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via `TileJSON` name and map share control
1.6.6
Affected by 0 other vulnerabilities.
2.2.4
Affected by 0 other vulnerabilities.
VCID-hpnn-msqc-pkaw
Aliases:
GMS-2016-6
Content Injection via TileJSON Name Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.
1.6.6
Affected by 0 other vulnerabilities.
2.2.4
Affected by 0 other vulnerabilities.
VCID-jcyz-4cpv-7yby
Aliases:
GMS-2015-37
Content Injection via TileJSON attribute Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.
1.6.5
Affected by 2 other vulnerabilities.
2.1.7
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-2auu-6kv1-qfbu Cross-site Scripting Mapbox is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via `TileJSON` Name. CVE-2017-1000042
GHSA-qr28-7j6p-9hmv
OSV-129854

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:08:16.350251+00:00 GitLab Importer Affected by VCID-4eaj-9htz-duc1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/CVE-2017-1000043.yml 38.6.0
2026-06-04T20:05:26.509343+00:00 GitLab Importer Affected by VCID-hpnn-msqc-pkaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/GMS-2016-6.yml 38.6.0
2026-06-04T20:05:08.442050+00:00 GitLab Importer Affected by VCID-jcyz-4cpv-7yby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/GMS-2015-37.yml 38.6.0
2026-06-02T04:36:59.009079+00:00 GitLab Importer Fixing VCID-2auu-6kv1-qfbu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/CVE-2017-1000042.yml 38.6.0