- jquery 09d07e20ce042ef10e301661ad1f316c, found in https://static.zdassets.com/hc/assets/jquery-09d07e20ce042ef10e301661ad1f316c.js. Vulnerability info:
  - medium: CVE-2011-4969, XSS with location.hash, GHSA-579v-mp3v-rrw5
  - medium: CVE-2012-6708, 11290, Selector interpreted as HTML, GHSA-2pqj-h3vj-pqgw
  - medium: CVE-2020-7656, Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove “”, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim’s browser. Recommendation: Upgrade to version 1.9.0 or later. GHSA-q4m3-2j7h-f7xw
  - low: 73, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
- moment.js 2.15.2, found in https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.15.2/moment.min.js. Vulnerability info:
  - high: Regular Expression Denial of Service (ReDoS), CVE-2017-18214, GHSA-446m-mv8f-q348
  - high: This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale. CVE-2022-24785, GHSA-8hfj-j24r-96c4
- moment.js 4ef0d82f9fc65c8a28f659aa3430955f, found in https://static.zdassets.com/hc/assets/moment-4ef0d82f9fc65c8a28f659aa3430955f.js. Vulnerability info:
  - medium: reDOS - regular expression denial of service, 2936, GHSA-87vv-r9j6-g5qv, CVE-2016-4055
  - medium: Regular Expression Denial of Service (ReDoS), 22
  - high: Regular Expression Denial of Service (ReDoS), CVE-2017-18214, GHSA-446m-mv8f-q348
  - high: This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale. CVE-2022-24785, GHSA-8hfj-j24r-96c4
- underscore.js 1.8.3, found in https://support.brave.app/hc/theming_assets/01HZHBGEGBHA5EEVCVW0MA6Z8N. Vulnerability info:

Hi, Welcome to the Community! (Unless you’re maybe a bot?)
I might encourage you to edit and rewrite your post because I think most people who are going to look at it are just going to look at it, see a bunch of, well, really nonsense and move on… I understand you are pointing out there are some vulnerabilities; I would imagine Brave is aware of this and working on any vulnerabilities. If there is anything specifically you would like for Brave to address, I’d encourage you to write it out clearly and not just copy and paste a bunch of things you want fixed.