Multiple critical vulnerabilities have been uncovered in the vm2 Node.js library that allow attackers to escape the sandbox and execute arbitrary code on vulnerable systems. vm2 is designed to run untrusted JavaScript by intercepting and proxying the objects the sandboxed code can reach, so that the code cannot obtain a reference to the host's real globals or Node APIs. The newly disclosed flaws bypass that isolation, so any application that executes untrusted code through vm2 can be compromised by that code. The vulnerabilities are particularly concerning given that the library's whole purpose is to provide a secure environment for executing untrusted code: an application that relies on vm2 as its only isolation boundary should be treated as exposed. Developers using vm2, whether directly or as a transitive dependency, should identify where it is installed and patch or mitigate immediately [1]. This matters to practitioners because exploitation means attacker-controlled code running on systems that were assumed to be safe, so these flaws need prompt attention.
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
⚡ High Priority
Why This Matters
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code.
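As an added, practical check (example code written for this page, not from vm2 or from the article): the script below scans an npm lockfile (lockfileVersion 2 or 3, the `packages` map) for every installed copy of vm2, including nested copies pulled in by other dependencies, and reports which packages resolve to each copy. The lockfile is constructed for illustration, the dependency `report-runner` is hypothetical, and the script does not decide which versions are affected because the article gives no version ranges; it only tells you where vm2 is installed so the patch or mitigation can be applied everywhere it is needed.

```javascript
// Added example, not vm2 code and not from the article: locate every installed
// copy of a package (here vm2) in an npm lockfile, direct or transitive.

// Constructed sample lockfile. The app depends on vm2 directly and also gets a
// second, nested copy through the hypothetical dependency "report-runner".
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { vm2: "^3.9.0", "report-runner": "^1.0.0" } },
    "node_modules/vm2": { version: "3.9.0", dependencies: { acorn: "^8.7.0" } },
    "node_modules/acorn": { version: "8.10.0" },
    "node_modules/report-runner": { version: "1.2.0", dependencies: { vm2: "^3.8.0" } },
    "node_modules/report-runner/node_modules/vm2": { version: "3.8.0" }
  }
});

// Node resolves a dependency by walking up from the dependent's own
// node_modules directory; mirror that walk on lockfile keys so we know which
// physical copy each dependent actually loads.
function resolveDependencyPath(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Returns one entry per installed copy of `target`, with its version, whether
// the root project depends on it directly, and every package that resolves
// to that copy.
function findPackageInstalls(lockfileText, target) {
  const lock = JSON.parse(lockfileText);
  const packages = lock.packages;
  if (!packages) throw new Error("only lockfileVersion 2/3 with a 'packages' map is supported");

  const results = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path === "") continue; // root project entry, not an installed package
    const name = meta.name || path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    if (name !== target) continue;

    const dependents = [];
    for (const [depPath, depMeta] of Object.entries(packages)) {
      const declared = { ...(depMeta.dependencies || {}), ...(depMeta.optionalDependencies || {}) };
      if (!(target in declared)) continue;
      if (resolveDependencyPath(packages, depPath, target) === path) {
        dependents.push(depPath === "" ? "(root project)" : depPath);
      }
    }
    results.push({ path, version: meta.version, direct: dependents.includes("(root project)"), dependents });
  }
  return results;
}

// Human-readable report, one line per installed copy.
function formatReport(results, target) {
  if (results.length === 0) return `${target}: not installed`;
  return results
    .map(r => `${target}@${r.version} at ${r.path} (${r.direct ? "direct" : "transitive"}; used by: ${r.dependents.join(", ")})`)
    .join("\n");
}

console.log(formatReport(findPackageInstalls(SAMPLE_LOCKFILE, "vm2"), "vm2"));
```

On a real project, read `package-lock.json` from disk instead of the constructed string; a nested copy reported as transitive means the fix has to come from the dependent package (or an `overrides` entry), not just from bumping your own direct dependency.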
References
- The Hacker News. (2026, May 7). vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution. *The Hacker News*. https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html
Original Source
The Hacker News