GHSA-457r-cqc8-9vj9: sweetalert2 v10.16.10 and above contains hidden functionality

November 23, 2022 (updated August 25, 2025)

sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.

References

github.com/advisories/GHSA-457r-cqc8-9vj9
github.com/sweetalert2/sweetalert2
github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9
www.npmjs.com/package/sweetalert2

Code Behaviors & Features

Detect and mitigate GHSA-457r-cqc8-9vj9 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →