VulnerableCode Vulnerability Details - VCID-euca-p6r7-u7g5

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-euca-p6r7-u7g5

Essentials
Severities (4)
References (4)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-euca-p6r7-u7g5
Aliases	GHSA-qq6h-5g6j-q3cm GMS-2022-7288
Summary	sweetalert2 v11.4.9 and above contains hidden functionality `sweetalert2` versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8. ### Workaround Use a version 11.0.0 - 11.4.8 of the package until the maintainer releases a fix.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-912	Hidden Functionality
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-qq6h-5g6j-q3cm
generic_textual	LOW	https://github.com/sweetalert2/sweetalert2
generic_textual	LOW	https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
generic_textual	LOW	https://www.npmjs.com/package/sweetalert2

Reference id	Reference type	URL
		https://github.com/sweetalert2/sweetalert2
		https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
		https://www.npmjs.com/package/sweetalert2
GHSA-qq6h-5g6j-q3cm		https://github.com/advisories/GHSA-qq6h-5g6j-q3cm

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T17:52:44.834816+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-qq6h-5g6j-q3cm/GHSA-qq6h-5g6j-q3cm.json	38.6.0