jsish CVE Vulnerabilities & Metrics

Focus on jsish vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About jsish Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with jsish. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total jsish CVEs: 52
Earliest CVE date: 20 Aug 2018, 19:31 UTC
Latest CVE date: 07 Feb 2024, 14:15 UTC

Latest CVE reference: CVE-2024-24189

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical jsish CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.23

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	42
7.0-8.9	4
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS jsish CVEs

These are the five CVEs with the highest CVSS scores for jsish, sorted by severity first and recency.

CVE-2020-22875 jsish Published on 13 Jul 2021, 15:15 UTC (CVSS: 7.5)
Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.
CVE-2020-22874 jsish Published on 13 Jul 2021, 15:15 UTC (CVSS: 7.5)
Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.
CVE-2020-22873 jsish Published on 13 Jul 2021, 15:15 UTC (CVSS: 7.5)
Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.
CVE-2019-1010177 jsish Published on 24 Jul 2019, 12:15 UTC (CVSS: 7.5)
Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit 48a66c798d.
CVE-2021-46483 jsish Published on 25 Jan 2022, 01:15 UTC (CVSS: 6.8)
Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.

All CVEs for jsish

CVE-2024-24189 jsish vulnerability CVSS: 0 07 Feb 2024, 14:15 UTC

Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.

CVE-2024-24188 jsish vulnerability CVSS: 0 07 Feb 2024, 14:15 UTC

Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.

CVE-2024-24186 jsish vulnerability CVSS: 0 07 Feb 2024, 14:15 UTC

Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.

CVE-2020-23260 jsish vulnerability CVSS: 0 04 Apr 2023, 15:15 UTC

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.

CVE-2020-23259 jsish vulnerability CVSS: 0 04 Apr 2023, 15:15 UTC

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.

CVE-2020-23258 jsish vulnerability CVSS: 0 04 Apr 2023, 15:15 UTC

An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.

CVE-2021-46507 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.

CVE-2021-46506 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0.

CVE-2021-46505 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5.

CVE-2021-46504 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0.

CVE-2021-46503 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46502 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46501 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46500 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46499 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46498 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46497 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46496 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46495 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46494 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46492 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46491 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46490 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46489 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46488 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46487 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46486 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46485 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46484 jsish vulnerability CVSS: 4.3 27 Jan 2022, 21:15 UTC

Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46483 jsish vulnerability CVSS: 6.8 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.

CVE-2021-46482 jsish vulnerability CVSS: 6.8 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.

CVE-2021-46481 jsish vulnerability CVSS: 4.3 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.

CVE-2021-46480 jsish vulnerability CVSS: 4.3 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46478 jsish vulnerability CVSS: 4.3 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46477 jsish vulnerability CVSS: 4.3 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46475 jsish vulnerability CVSS: 4.3 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46474 jsish vulnerability CVSS: 4.3 25 Jan 2022, 01:15 UTC

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2020-22907 jsish vulnerability CVSS: 5.0 13 Jul 2021, 15:15 UTC

Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.

CVE-2020-22875 jsish vulnerability CVSS: 7.5 13 Jul 2021, 15:15 UTC

Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.

CVE-2020-22874 jsish vulnerability CVSS: 7.5 13 Jul 2021, 15:15 UTC

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.

CVE-2020-22873 jsish vulnerability CVSS: 7.5 13 Jul 2021, 15:15 UTC

Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.

CVE-2019-1010172 jsish vulnerability CVSS: 5.0 25 Jul 2019, 14:15 UTC

Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39.

CVE-2019-1010177 jsish vulnerability CVSS: 7.5 24 Jul 2019, 12:15 UTC

Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit 48a66c798d.

CVE-2019-1010173 jsish vulnerability CVSS: 5.0 23 Jul 2019, 15:15 UTC

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3.

CVE-2019-1010171 jsish vulnerability CVSS: 5.0 23 Jul 2019, 14:15 UTC

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.

CVE-2019-1010170 jsish vulnerability CVSS: 5.0 23 Jul 2019, 14:15 UTC

Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.

CVE-2019-1010169 jsish vulnerability CVSS: 5.0 23 Jul 2019, 14:15 UTC

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.

CVE-2019-1010162 jsish vulnerability CVSS: 4.3 23 Jul 2019, 14:15 UTC

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77.

CVE-2018-1000668 jsish vulnerability CVSS: 4.3 06 Sep 2018, 17:29 UTC

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71.

CVE-2018-1000663 jsish vulnerability CVSS: 4.3 06 Sep 2018, 17:29 UTC

jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code.

CVE-2018-1000661 jsish vulnerability CVSS: 4.3 06 Sep 2018, 17:29 UTC

jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69.

CVE-2018-1000655 jsish vulnerability CVSS: 4.3 20 Aug 2018, 19:31 UTC

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67.