Vm2

This hub aggregates every CVE we track for Vm2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vm2.

• CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass9.8Jun 12, 2026
• CVE-2026-47208vm2: Sandbox Breakout Using Promise Species10.0Jun 12, 2026
• CVE-2026-47140vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution10.0Jun 12, 2026
• CVE-2026-47139vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server8.6Jun 12, 2026
• CVE-2026-47137vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE10.0Jun 12, 2026
• CVE-2026-47135vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks8.7Jun 12, 2026
• CVE-2026-47131vm2: Sandbox Escape10.0Jun 12, 2026
• CVE-2026-47209vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain8.6Jun 12, 2026
• CVE-2026-44005vm2: Sandbox escape10.0May 13, 2026
• CVE-2026-45411vm2: Sandbox Breakout Using Async Generator9.8May 13, 2026
• CVE-2026-44009vm2: Sandbox Breakout Through Null Proto Exception9.8May 13, 2026
• CVE-2026-44008vm2: Snabox breakout via `neutralizeArraySpeciesBatch`9.8May 13, 2026
• CVE-2026-44007vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution9.1May 13, 2026
• CVE-2026-44006vm2: Sandbox Escape10.0May 13, 2026
• CVE-2026-44004vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)7.5May 13, 2026