Skip to content

sweetalert2 v11.4.9 and above contains hidden functionality

Low severity GitHub Reviewed Published Nov 23, 2022 to the GitHub Advisory Database • Updated Aug 25, 2025

Package

npm sweetalert2 (npm)

Affected versions

>= 11.4.9, < 11.6.14

Patched versions

11.22.4

Description

sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8.

Workaround

Use a version 11.0.0 - 11.4.8 of the package until the maintainer releases a fix.

References

Published to the GitHub Advisory Database Nov 23, 2022
Reviewed Nov 23, 2022
Last updated Aug 25, 2025

Severity

Low

EPSS score

Weaknesses

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-qq6h-5g6j-q3cm

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.