A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. In this episode, Thomas Betts chats with ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Traditional caching fails to stop "thundering ...

In modern web applications based on open-sourced libraries, often times developers are not aware of just how much dependency there is on risky third-party software packages. Guy Podjarny (pictured), ...

Paving the way for more server-side use of JavaScript, platform-as-a-service (PaaS) provider Engine Yard has added the Node.js library to its collection of hosted Web application tools. The service, ...

Although it is just three years old, Node.js is gaining traction as an application development platform, letting developers extend JavaScript beyond the browser and into servers. But questions remain ...

Researchers at Johns Hopkins University recently uncovered a startling 180 zero-day vulnerabilities across thousands of Node.js libraries using a new code analysis tool they developed specifically for ...

Node.js is an open source, cross-platform runtime environment for building server side and networking applications using JavaScript. Node.js provides an asynchronous, event driven framework to build ...