VulnerableCode Package Details - pkg:npm/safe-eval@0.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-f53c-csbx-sfd7 Aliases: CVE-2017-16088 GHSA-ww6v-677g-p656	Improper Input Validation By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.	0.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kng7-pxcx-vycx Aliases: GMS-2017-187	Sandbox Breakout By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.	There are no reported fixed by versions.
VCID-pegh-rtxa-k7d6 Aliases: CVE-2020-7710 GHSA-hrpq-r399-whgw	Improper Privilege Management This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.	There are no reported fixed by versions.
VCID-ywrn-mga5-uubt Aliases: GHSA-9pcf-h8q9-63f6 GMS-2020-766	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in safe-eval.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-f53c-csbx-sfd7
Aliases:
CVE-2017-16088
GHSA-ww6v-677g-p656

Improper Input Validation By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

0.4.0
Affected by 2 other vulnerabilities.

VCID-kng7-pxcx-vycx
Aliases:
GMS-2017-187

Sandbox Breakout By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

There are no reported fixed by versions.

VCID-pegh-rtxa-k7d6
Aliases:
CVE-2020-7710
GHSA-hrpq-r399-whgw

Improper Privilege Management This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.

There are no reported fixed by versions.

VCID-ywrn-mga5-uubt
Aliases:
GHSA-9pcf-h8q9-63f6
GMS-2020-766

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in safe-eval.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:36:49.723183+00:00	GitLab Importer	Affected by	VCID-ywrn-mga5-uubt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/safe-eval/GMS-2020-766.yml	38.6.0
2026-06-04T20:34:25.375028+00:00	GitLab Importer	Affected by	VCID-pegh-rtxa-k7d6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/safe-eval/CVE-2020-7710.yml	38.6.0
2026-06-04T20:08:40.699233+00:00	GitLab Importer	Affected by	VCID-kng7-pxcx-vycx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/safe-eval/GMS-2017-187.yml	38.6.0
2026-06-02T04:37:52.205129+00:00	GitLab Importer	Affected by	VCID-f53c-csbx-sfd7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/safe-eval/CVE-2017-16088.yml	38.6.0