Description
billboard.js before 3.15.1 was discovered to contain a prototype pollution vulnerability in the generate function, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties.
Recommendation
Update the billboard.js package to the latest compatible version. Version details are as follows:
- Affected version(s): < 3.15.1
- Patched version(s): 3.15.1
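An added example (not part of the original advisory or the billboard.js project): a Node.js check that scans a parsed package-lock.json for billboard.js installs below the patched 3.15.1. The sample lockfile and the function names are constructed for illustration.

```javascript
const PATCHED = "3.15.1"; // patched version stated in this advisory
// Split "1.2.3-rc.1+build" into its numeric core and optional prerelease tag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when `version` sorts before the patched release. A prerelease of the
// patched version counts as affected; unparseable input fails closed.
function isAffected(version, patched = PATCHED) {
  const a = parseVersion(version), b = parseVersion(patched);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre !== null && b.pre === null;
}

// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 only has nested "dependencies", so walk that as a fallback.
function findAffected(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/billboard.js") && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === "billboard.js" && isAffected(info.version)) hits.push({ path: here, version: info.version });
      walk(info.dependencies, here + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one affected copy, one patched nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/billboard.js": { version: "3.14.3" },
    "node_modules/report-widget/node_modules/billboard.js": { version: "3.15.1" },
    "node_modules/d3-selection": { version: "3.0.0" },
  },
};
console.log(findAffected(sampleLock));
```

Against a real project, pass the result of JSON.parse on the contents of package-lock.json to findAffected; nested copies pulled in by other dependencies are reported with their install path.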
References
Tags: npm, billboard.js
Last updated on July 29, 2025