Browse all 6 CVE security advisories affecting quickjs-ng. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Quickjs-ng serves as a lightweight JavaScript engine for embedding scripting capabilities in applications. Historically, it has been susceptible to multiple remote code execution vulnerabilities, often stemming from memory corruption issues in its JIT compiler, along with cross-site scripting flaws through improper input sanitization. Privilege escalation risks have also been documented in certain implementations. With six CVEs currently recorded, the project has faced recurring memory safety issues, particularly around type confusion and buffer overflows in its bytecode handling. While no major public incidents have been widely reported, the consistent pattern of memory-related vulnerabilities suggests careful input validation and sandboxing are essential when deploying this engine in security-sensitive environments.
Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with quickjs-ng. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.