Yahoo Serialize-Javascript vulnerabilities
2 known vulnerabilities affecting yahoo/serialize-javascript.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2026-34043 | HIGH | CVSS 7.5 | CWE-400 | fixed in 7.0.5 | 2026-03-31
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters a
Source: NVD
CVE-2019-16769 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2.1.1 | 2019-12-05
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes
Source: NVD