PT-2025-43560
Name of the Vulnerable Software and Affected Versions: Rollbar.js versions prior to 2.26.5; Rollbar.js versions 3.0.0-alpha1 through 3.0.0-beta5. Description: Rollbar.js provides error tracking and logging from JavaScript to Rollbar. A prototype pollution issue exists in the merge function when...
Rollbar.js security vulnerability
Rollbar.js is an open source bug tracking and logging library from Rollbar. A security vulnerability exists in Rollbar.js versions prior to 2.26.5 and versions 3.0.0-alpha1 through 3.0.0-beta5, which stems from prototype pollution in the merge function that could lead to malicious...
EUVD-2021-2399
Malware in sbrugna...
EUVD-2021-1256
Malware in sbrugna...
EUVD-2019-0737
Malware in sbrugna...
EUVD-2021-2452
Malware in sbrugna...
EUVD-2021-1982
Malware in sbrugna...
EUVD-2022-0813
Malicious code in bioql PyPI...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
GHSA-529Q-4J3P-7C5R algoliasearch-helper is vulnerable to Prototype Pollution in _merge()
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2025-3193
The CVE-2025-3193 entry concerns algoliasearch-helper versions 2.0.0-rc1 through 3.11.2 (and earlier) with a Prototype Pollution in the _merge() function of merge.js. The underlying issue allows modification of constructor.prototype and, in an extreme edge-case where the resulting error is caught...
algoliasearch-helper security vulnerability
algoliasearch-helper is an open source JavaScript module from Algolia that helps you keep track of search parameters and provides a higher level API. A security vulnerability exists in algoliasearch-helper version 2.0.0-rc1 through versions prior to 3.11.2, which stems from prototype contaminatio...
CVE-2021-39227
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports...
Prototype Pollution
Overview: org.webjars.npm:xe-utils is a JavaScript function library and utility toolkit. Affected versions of this package are vulnerable to Prototype Pollution through the merge function. Details: Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into...
xe-utils security vulnerability
xe-utils is an open source JavaScript library and toolkit from XE. A security vulnerability exists in xe-utils version v3.5.31, which stems from a prototype pollution vulnerability in the lib.merge function...
Prototype Pollution
Overview: algoliasearch-helper is a helper for implementing advanced search features with Algolia. Affected versions of this package are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the...
AngularJS: Prototype pollution in merge function could result in code injection
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...