Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/ses@1.12.0
purl pkg:npm/ses@1.12.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-kam2-215b-guh6 SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `<script>` tag will have inadvertently revealed these bindings in the lexical scope of third-party code. This issue has been patched in version 1.12.0. Workarounds for this issue involve either avoiding top-level `let`, `const`, or `class` bindings in `<script>` tags, or change these to `var` bindings to be reflected on `globalThis`. CVE-2025-32792
GHSA-h9w6-f932-gq62

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-15T01:55:19.227924+00:00 GHSA Importer Fixing VCID-kam2-215b-guh6 https://github.com/advisories/GHSA-h9w6-f932-gq62 38.6.0
2026-06-12T19:59:26.501071+00:00 GitLab Importer Fixing VCID-kam2-215b-guh6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ses/CVE-2025-32792.yml 38.6.0
2026-06-12T07:52:43.503193+00:00 GithubOSV Importer Fixing VCID-kam2-215b-guh6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-h9w6-f932-gq62/GHSA-h9w6-f932-gq62.json 38.6.0