javascript
javascript
- CVE-2026-6734 - Impact When using Socks5ProxyAgent security control bypass
- GHSA-72R4-9C5J-MJ57 - pnpm security control bypass
- GHSA-FR4H-3CPH-29XV - pnpm security control bypass
- GHSA-QRV3-253H-G69C - pnpm path traversal
- CVE-2025-12735 - expr-eval context function RCE
- CVE-2026-41507 - math-codegen string literal RCE
- JavaScript `eval()` / `new Function()` on untrusted input
- Prototype pollution — `merge`, `assign`, and friends