Skip to content

sweetalert2 contains potentially undesirable behavior

Low severity GitHub Reviewed Published Jul 10, 2023 to the GitHub Advisory Database • Updated Aug 14, 2025

Package

npm sweetalert2 (npm)

Affected versions

>= 11.6.14, < 11.22.4

Patched versions

11.22.4

Description

sweetalert2 versions from 11.6.14 to before 11.22.4 have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific tlds. This functionality is documented on the project's readme.

References

Published to the GitHub Advisory Database Jul 10, 2023
Reviewed Jul 10, 2023
Last updated Aug 14, 2025

Severity

Low

EPSS score

Weaknesses

Expected Behavior Violation

A feature, API, or function does not perform according to its specification. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-mrr8-v49w-3333

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.