pkg:Debian/quickjs

20 total CVEsCRITICAL1HIGH14MEDIUM4LOW1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-0821A vulnerability was determined in quickjs-ng quickjs up to 0.11.0.
    from 0
  • HIGH8.8CVE-2026-1145A flaw has been found in quickjs-ng quickjs up to 0.11.0.
    from 0
  • HIGH8.8CVE-2026-1144A vulnerability was detected in quickjs-ng quickjs up to 0.11.0.
    from 0
  • HIGH8.8CVE-2026-0822A vulnerability was identified in quickjs-ng quickjs up to 0.11.0.
    from 0
  • HIGH8.8CVE-2025-62496A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from…
    from 0
  • HIGH8.8CVE-2025-62495An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the…
    from 0
  • HIGH8.8CVE-2025-62494A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine.
    from 0
  • HIGH8.8CVE-2025-62491A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejec…
    from 0
  • HIGH8.8CVE-2025-62490In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it.
    from 0
  • HIGH8.4CVE-2025-46688quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow.
    from 0, < 2025.04.26-1
  • HIGH7.8CVE-2025-12745A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c.
    from 0
  • HIGH7.8CVE-2025-46687quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow.
    from 0, < 2025.04.26-1
  • HIGH7.5CVE-2025-69654A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-…
    from 0
  • HIGH7.5CVE-2024-13903A vulnerability was found in quickjs-ng QuickJS up to 0.8.0.
    from 0
  • HIGH7.5CVE-2023-48183QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval.
    from 0, < 2024.01.13-1
  • MEDIUM6.5CVE-2025-69653A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b7…
    from 0
  • MEDIUM6.5CVE-2025-62493A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the…
    from 0
  • MEDIUM6.5CVE-2025-62492A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.protot…
    from 0
  • MEDIUM4.0CVE-2024-33263QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.
    from 0, < 2024.01.13-5
  • LOW3.9CVE-2023-48184QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closur…
    from 0, < 2024.01.13-1