| purl | pkg:npm/safe-eval@0.4.2 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6ddq-agvr-zuhf; Aliases: CVE-2023-26122, GHSA-79xf-67r4-q2jj | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** `__defineGetter__`, `stack()`, `toLocaleString()`, `propertyIsEnumerable.call()`, `valueOf()`. | There are no reported fixed by versions. |
| VCID-jfqz-zcs9-2yby; Aliases: CVE-2023-26121, GHSA-hcg3-56jf-x4vh | safe-eval vulnerable to Prototype Pollution via the safeEval function. All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-07T20:48:50.272670+00:00 | GHSA Importer | Affected by | VCID-6ddq-agvr-zuhf | https://github.com/advisories/GHSA-79xf-67r4-q2jj | 38.6.0 |
| 2026-06-07T20:48:50.236420+00:00 | GHSA Importer | Affected by | VCID-jfqz-zcs9-2yby | https://github.com/advisories/GHSA-hcg3-56jf-x4vh | 38.6.0 |
| 2026-06-02T04:44:29.201380+00:00 | GitLab Importer | Affected by | VCID-6ddq-agvr-zuhf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/safe-eval/CVE-2023-26122.yml | 38.6.0 |