CVE-2026-1513

Description

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.

Affected packages (1)

• npm/billboard.jsfrom 0, < 3.18.0

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-1513
• PATCHhttps://github.com/naver/billboard.js
• WEBhttps://cve.naver.com/detail/cve-2026-1513.html
• WEBhttps://github.com/naver/billboard.js/commit/49e079cdd466fc8ba7ab208988181e5b7a5f336b
• WEBhttps://github.com/naver/billboard.js/issues/4078