According to its self-reported version number, Lodash is prior to 4.17.21. It is, therefore, affected by multiple vulnerabilities:
A command injection via template. (CVE-2021-23337)
A regular expression denial of dervice via the toNumber, trim and trimEnd functions. (CVE-2020-28500)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data