GHSA-2cm2-m3w5-gp2f: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

May 8, 2026

https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7 is not fully patched.

References

github.com/advisories/GHSA-2cm2-m3w5-gp2f
github.com/patriksimek/vm2
github.com/patriksimek/vm2/releases/tag/v3.11.2
github.com/patriksimek/vm2/security/advisories/GHSA-2cm2-m3w5-gp2f

Code Behaviors & Features

Detect and mitigate GHSA-2cm2-m3w5-gp2f with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →