ROOT-APP-NPM-CVE-2026-29063 CVE-2026-29063 in @rootio/immutable - Patched by Root

Root has patched CVE-2026-29063 in the @rootio/immutable package for Root:npm. Multiple fixed versions available...

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-29063)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty i used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3,...

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14915, CVE-2025-14917, CVE-2026-3621, CVE-2026-1561, CVE-2026-29063. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-29063...

Security Bulletin: A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL 8 and ealier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1....

Security Bulletin: Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2025-14915, CVE-2025-14917, CVE-2025-14923, CVE-2026-1561, CVE-2026-29063).

Summary Multiple security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2025-14915, CVE-2025-14917, CVE-2025-14923, CVE-2026-1561, CVE-2026-29063. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address these...

Security Bulletin: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063.

Summary IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versio...

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-29063) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototyp...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14923, CVE-2025-14915, CVE-2024-29371, CVE-2026-1561, CVE-2026-29063, CVE-2025-14917. This has been addressed in the remediation section. Vulnerability...

Critical: Red Hat Security Advisory: Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6

Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6 is now available. An update is now available for Red Hat OpenShift Service Mesh 2.6. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Comm...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution (CVE-2026-29063)

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in node.js module immutable CVE-2026-29063 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js...

IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.4 (7267351)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7267351 advisory. - Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in...

Linux Distros Unpatched Vulnerability : CVE-2026-29063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the...

CVE-2026-29063 vulnerabilities

Vulnerabilities for packages: vitess, rancher-api-ui, argo-workflows...

CVE-2026-29063 vulnerabilities

Vulnerabilities for packages: vitess, rancher-api-ui, argo-workflows...

CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

@0xgraph/cli (>=0.0.1 <=0.2.1), @actra-development-oss/redux-persistable (>=2.0.0 <=3.0.0) +651 more potentially affected by CVE-2026-29063 via immutable (>=4.0.0-rc.1 <=4.3.7)

immutable NPM version =4.0.0-rc.1, =0.0.1, =2.0.0, =0.2.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.0.1, =0.11.8-rc.0, =0.1.0, =0.3.3 - @alfresco/adf-testing =6.0.0-A.2-8258 - @alys-chain/graph-alys-cli =0.88.0 and more Source cves: CVE-2026-29063 Source advisory: OSV:GHSA-WF6X-7X77-MVGW...

-graphql-codegen-client-preset-swc-test (>=2.0.1 <=2.0.2), 01-test-button (>=1.0.0 <=1.0.2) +10994 more potentially affected by CVE-2026-29063 via immutable (>=3.0.1 <=3.8.2)

immutable NPM version =3.0.1, =2.0.1, =1.0.0, =0.0.2, =0.2.0, =2.0.0-rc3, =1.0.0, =1.0.0, =0.1.0, =4.2.1, =6.2.1, =13.6.1, =13.7.2 and more Source cves: CVE-2026-29063 Source advisory: SNYK:JS-IMMUTABLE-15423650...

org.webjars.npm:browser-sync-ui (=2.27.11), org.webjars.npm:bulma (=1.0.0) +21 more potentially affected by CVE-2026-29063 via org.webjars.npm:immutable (>=3.7.6 <=5.1.3)

org.webjars.npm:immutable MAVEN version =3.7.6, =0.7.0, =0.8.3, =0.8.4 - org.webjars.npm:flux =2.1.1 - org.webjars.npm:github-com-DataTables-DataTablesSrc =2.0.5 - org.webjars.npm:github-com-codeforms-Punica-CSS-Framework =3.0.0 - org.webjars.npm:github-com-digicorp-propeller =1.3.2 -...

@alessiodf/core-chameleon (=0.0.1), @arkecosystem/core (>=3.0.0-alpha.0 <=3.12.0-rc.0) +136 more potentially affected by CVE-2026-29063 via immutable (>=5.0.0-beta.2 <=5.1.4)

immutable NPM version =5.0.0-beta.2, =3.0.0-alpha.0, =3.0.0-alpha.0, =3.0.0-alpha.0, =3.0.0-alpha.0, =3.0.0, =3.0.0-alpha.6, =3.9.0, =3.0.0-alpha.0, =3.0.0-alpha.0, =0.1.0, =1.0.6 - @dreamcatcher-tech/web =0.0.0 and more Source cves: CVE-2026-29063 Source advisory: SNYK:JS-IMMUTABLE-15423650...

-graphql-codegen-client-preset-swc-test (>=2.0.1 <=2.0.2), 01-test-button (>=1.0.0 <=1.0.2) +11013 more potentially affected by CVE-2026-29063 via immutable (>=2.0.17 <=3.8.2)

immutable NPM version =2.0.17, =2.0.1, =1.0.0, =0.0.2, =0.2.0, =2.0.0-rc3, =1.0.0, =1.0.0, =0.1.0, =4.2.1, =6.2.1, =13.6.1, =13.7.2 and more Source cves: CVE-2026-29063 Source advisory: OSV:GHSA-WF6X-7X77-MVGW...