VulnerableCode Package Details - pkg:npm/mapbox.js@1.6.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/mapbox.js@1.6.6

Essentials
History (4)

purl	pkg:npm/mapbox.js@1.6.6

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-ewbm-urr8-c7h1	Content Injection via TileJSON Name in mapbox.js	CVE-2017-1000043 GHSA-q69p-5h74-w36f OSV-132871
VCID-xxc2-d5xz-ybah	Content Injection via TileJSON Name Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.	GMS-2016-6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T15:39:49.037928+00:00	GitLab Importer	Fixing	VCID-ewbm-urr8-c7h1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/CVE-2017-1000043.yml	38.6.0
2026-06-12T15:39:20.221018+00:00	GitLab Importer	Fixing	VCID-xxc2-d5xz-ybah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mapbox.js/GMS-2016-6.yml	38.6.0
2026-06-12T08:10:08.166777+00:00	GithubOSV Importer	Fixing	VCID-ewbm-urr8-c7h1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-q69p-5h74-w36f/GHSA-q69p-5h74-w36f.json	38.6.0
2026-06-11T20:24:49.355600+00:00	GHSA Importer	Fixing	VCID-ewbm-urr8-c7h1	https://github.com/advisories/GHSA-q69p-5h74-w36f	38.6.0