CWE-913
Improper Control of Dynamically-Managed Code Resources
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
CVEs (total)
5
Critical
2
High
0
Medium
0
Low
0
Severity distribution
Recent CVEs
showing 5 of 5- CVE-2026-47131Critical· 10.0EPSS 0%8 h ago
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE E
npm - CVE-2026-47210—EPSS 0%16 h ago
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
npm - CVE-2026-47208—EPSS 0%16 h ago
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
npm - CVE-2026-47137—EPSS 0%16 h ago
vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
npm - CVE-2025-68613Critical· 9.9KEVEXPLOITEPSS 68%20 h ago
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.