Browse all 6 CVE security advisories affecting quickjs-ng. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Quickjs-ng serves as a lightweight JavaScript engine for embedding scripting capabilities in applications. Historically, it has been susceptible to multiple remote code execution vulnerabilities, often stemming from memory corruption issues in its JIT compiler, along with cross-site scripting flaws through improper input sanitization. Privilege escalation risks have also been documented in certain implementations. With six CVEs currently recorded, the project has faced recurring memory safety issues, particularly around type confusion and buffer overflows in its bytecode handling. While no major public incidents have been widely reported, the consistent pattern of memory-related vulnerabilities suggests careful input validation and sandboxing are essential when deploying this engine in security-sensitive environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3979 | quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free — quickjsCWE-416 | 5.3 | Medium | 2026-03-12 |
| CVE-2026-1145 | quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow — quickjsCWE-122 | 6.3 | Medium | 2026-01-19 |
| CVE-2026-1144 | quickjs-ng quickjs Atomics Ops quickjs.c use after free — quickjsCWE-416 | 6.3 | Medium | 2026-01-19 |
| CVE-2026-0822 | quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow — quickjsCWE-122 | 6.3 | Medium | 2026-01-10 |
| CVE-2026-0821 | quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow — quickjsCWE-122 | 7.3 | High | 2026-01-10 |
| CVE-2024-13903 | quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow — QuickJSCWE-121 | 4.3 | Medium | 2025-03-21 |
This page lists every published CVE security advisory associated with quickjs-ng. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.