Browse all 3 CVE security advisories affecting moment. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Moment is an image manipulation library primarily used for parsing, validating, formatting, and displaying dates in JavaScript applications. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities due to insecure parsing of date strings and improper input validation. Notable security characteristics include its widespread adoption in legacy systems, which extends its attack surface. In 2020, multiple critical CVEs were disclosed, including RCE flaws through crafted date inputs. Despite its popularity, the library has faced criticism for security concerns, leading to recommendations for alternatives like Luxon or date-fns, especially in environments handling untrusted date inputs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-22467 | luxon.js inefficient regular expression complexity vulnerability | luxon | CWE-1333 | 7.5 | High | 2023-01-04 |
| CVE-2022-31129 | Inefficient Regular Expression Complexity in moment | moment | CWE-400 | 7.5 | High | 2022-07-06 |
| CVE-2022-24785 | Path Traversal in Moment.js | moment | CWE-22 | 7.5 | High | 2022-04-04 |

This page lists every published CVE security advisory associated with moment. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.