Quickjs_project Quickjs

14 CVEs affecting Quickjs_project Quickjs. Latest disclosed: 2026-03-06. Critical: 0, High: 9.

Top CVEs affecting Quickjs_project Quickjs
CVESeverityScorePublishedSummary
CVE-2025-62496High8.82025-10-16A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an exc…
CVE-2025-62495High8.82025-10-16An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size…
CVE-2025-62494High8.82025-10-16A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-h…
CVE-2025-62491High8.82025-10-16A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->re…
CVE-2025-62490High8.82025-10-16In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is n…
CVE-2025-69654High7.52026-03-06A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interprete…
CVE-2023-48183High7.52024-04-23QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval.
CVE-2023-31922High7.52023-05-12QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.
CVE-2020-22876High7.52021-07-13Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release.
CVE-2025-69653Medium6.52026-03-06A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2…
CVE-2025-62493Medium6.52025-10-16A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of…
CVE-2025-62492Medium6.52025-10-16A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a…
CVE-2025-46688Medium5.62025-04-27quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is…
CVE-2023-48184Low3.92024-04-23QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.