Description
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Recommendation
Update the billboard.js package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.15.1
- Patched version(s): 3.15.1
References
Related Issues
- tarteaucitron.js allows prototype pollution via custom text injection - CVE-2025-31475
- Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS) - CVE-2025-8101
- jsonic was discovered to contain a prototype pollution via the function empty. - CVE-2024-38993
- mockjs vulnerable to Prototype Pollution via the Util.extend function - CVE-2023-26158
You might also like:
- Tags:
- npm
- billboard.js
Anything's wrong? Let us know Last updated on July 29, 2025


