Vulnerabilities/

billboard.js is vulnerable to XSS during chart option binding

Severity:
High

Description

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.

Recommendation

Update the billboard.js package to the latest compatible version. Followings are version details:

References

Related Issues

Tags:
npm
billboard.js
Anything's wrong? Let us know Last updated on January 28, 2026