Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

nyariv — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting nyariv. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nyariv is a software component primarily used for data processing and workflow automation in enterprise environments. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with 13 CVEs documented. Security researchers have identified consistent flaws in input validation and access control mechanisms. While no major public incidents have been widely reported, the accumulation of CVEs suggests potential risks in production environments. Organizations using Nyariv should prioritize timely patching and implement additional security controls, particularly for internet-facing deployments, to mitigate exploitation risks.

Top products by nyariv: sandboxjs
CVE IDTitleCVSSSeverityPublished
CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler — SandboxJSCWE-668 9.3AICriticalAI2026-04-06
CVE-2026-34211 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser — SandboxJSCWE-674 7.5AIHighAI2026-04-06
CVE-2026-34208 SandboxJS: Sandbox integrity escape — SandboxJSCWE-693 10.0 Critical2026-04-06
CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race) — SandboxJSCWE-362 9.8 -2026-03-18
CVE-2026-26954 SandboxJS has a Sandbox Escape — SandboxJSCWE-94 10.0 Critical2026-03-13
CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape) — SandboxJSCWE-1321 9.1 Critical2026-02-09
CVE-2026-25586 SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution — SandboxJSCWE-74 10.0 Critical2026-02-06
CVE-2026-25520 SandboxJS has a Sandbox Escape — SandboxJSCWE-74 10.0 Critical2026-02-06
CVE-2026-25587 SandboxJS has a Sandbox Escape — SandboxJSCWE-94 10.0 Critical2026-02-06
CVE-2026-25641 SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses — SandboxJSCWE-367 10.0 Critical2026-02-06
CVE-2026-25142 SandboxJS Prototype Pollution -> Sandbox Escape -> RCE — SandboxJSCWE-94 10.0 Critical2026-02-02
CVE-2026-23830 SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor — SandboxJSCWE-94 10.0 Critical2026-01-27
CVE-2025-34146 nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS — sandboxjsCWE-1321 9.8AICriticalAI2025-07-31

This page lists every published CVE security advisory associated with nyariv. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.