Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

quickjs — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in quickjs, with AI-generated Chinese analysis, references, and POCs.

This page documents Common Weakness Enumeration vulnerabilities affecting the QuickJS JavaScript engine developed by Sandia Technologies. It aggregates security flaws discovered within the QuickJS product, focusing on implementation errors that may lead to unauthorized code execution, memory corruption, or denial of service. The collected data encompasses vulnerability reports and advisory disclosures spanning from the engine's initial public releases through the most recent security updates, ensuring a comprehensive historical record of identified weaknesses. Visitors to this resource can track vendor-specific advisories released by Sandia Technologies to stay informed about critical patches and mitigation strategies. The page also provides a detailed analysis of specific weakness classes, allowing security researchers and developers to understand the underlying technical causes and potential impacts of these flaws. Furthermore, users can look up QuickJS’s complete vulnerability history, examining how the project’s security posture has evolved over time and identifying recurring patterns in bug reports. This structured aggregation supports effective risk assessment and prioritization for teams relying on QuickJS for embedded scripting, web browsers, or other JavaScript execution environments. By consolidating disparate sources of vulnerability information into a single accessible interface, the page facilitates efficient monitoring of the product’s security landscape. It serves as a reference for understanding the severity and scope of past incidents, helping stakeholders make informed decisions regarding upgrades, configuration changes, or architectural adaptations. The content is curated to highlight significant findings without overwhelming users with redundant or low-impact data.

Vendor: quickjs-ng

CVE IDTitleCVSSSeverityPublished
CVE-2026-3979 quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free CWE-416 5.3 Medium2026-03-12
CVE-2026-1145 quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow CWE-122 6.3 Medium2026-01-19
CVE-2026-1144 quickjs-ng quickjs Atomics Ops quickjs.c use after free CWE-416 6.3 Medium2026-01-19
CVE-2026-0822 quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow CWE-122 6.3 Medium2026-01-10
CVE-2026-0821 quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow CWE-122 7.3 High2026-01-10
CVE-2025-12745 QuickJS quickjs.c js_array_buffer_slice buffer over-read CWE-126 5.3 Medium2025-11-05
CVE-2025-62496 Integer overflow in js_bigint_from_string in QuickJS CWE-190 7.5AIHighAI2025-10-16
CVE-2025-62495 Type confusion in string addition in QuickJS CWE-191 9.8AICriticalAI2025-10-16
CVE-2025-62494 Type confusion in string addition in QuickJS CWE-704 9.8AICriticalAI2025-10-16
CVE-2025-62493 Heap out-of-bounds read in js_bigint_to_string1 in QuickJS CWE-125--AI2025-10-16
CVE-2025-62492 Heap out-of-bounds read in js_typed_array_indexOf in QuickJS CWE-125 5.9AIMediumAI2025-10-16
CVE-2025-62491 Use-after-free in js_std_promise_rejection_check in QuickJS CWE-416 9.1AICriticalAI2025-10-16
CVE-2025-62490 Use-after-free in js_print_object in QuickJS CWE-416 9.8AICriticalAI2025-10-16
CVE-2025-46687 QuickJS 安全漏洞 CWE-770 5.6 Medium2025-04-27
CVE-2025-46688 QuickJS 安全漏洞 CWE-131 5.6 Medium2025-04-27
CVE-2024-13903 quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow CWE-121 4.3 Medium2025-03-21

All 16 known CVE vulnerabilities affecting quickjs with full Chinese analysis, references, and POCs where available.