Prototype Pollution

apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of malformed data structures in the preProcess functions, which allows an attacker to manipulate JavaScript object prototypes via crafted properties such as define, leading to denial of service or...

CVE-2025-13158

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

Prototype Pollution

Overview apidoc-core is a Core parser library to generate apidoc result following the apidoc-spec Affected versions of this package are vulnerable to Prototype Pollution via the preProcess function in apigroup.js, apiparamtitle.js, apiuse.js, and apipermission.js. An attacker can alter object...

GHSA-6VJ3-P34W-XXJP apidoc-core has a prototype pollution vulnerability

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

@afaizal/apidoc-swagger (>=0.2.2 <=0.3.7), @b1cloud/apidoc-postman (=1.0.0) +93 more potentially affected by CVE-2025-13158 via apidoc-core (>=0.2.2 <=0.8.3)

apidoc-core NPM version =0.2.2, =0.2.2, =1.0.2, =1.0.1, =1.0.5, =4.1.2, =0.0.0, =1.0.2, =4.5.0, =0.17.6, =0.17.9 - abstract-scheduler =0.6.0 and more Source cves: CVE-2025-13158 Source advisory: SNYK:JS-APIDOCCORE-14723211...

apidoc-core has a prototype pollution vulnerability

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158

apidoc-core is affected by a prototype pollution vulnerability affecting versions 0.2.0 and later. The issue stems from the preProcess() logic in worker modules (api_group.js, api_param_title.js, api_use.js, api_permission.js), which can be exploited by malformed data structures (notably via the ...

EUVD-2025-205451

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVE-2025-13158 apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

apidoc-core 安全漏洞

apidoc-core is an open source parser library from apiDoc. A security vulnerability exists in apidoc-core version 0.2.0 and later versions, which stems from prototype contamination and could lead to a denial of service or unexpected behavior by a remote attacker who modifies JavaScript object...

PT-2025-53598

Name of the Vulnerable Software and Affected Versions apidoc-core versions 0.2.0 and subsequent versions Description A prototype pollution issue exists in apidoc-core. This allows remote attackers to modify JavaScript object prototypes through malformed data structures, specifically the “define”...

Prototype Pollution

apidoc-core is vulnerable to Prototype Pollution. The vulnerability is due to insufficient input validation in the preProcess function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially causing a denial of service DoS or unexpected...

EUVD-2025-31115

Malicious code in bioql PyPI...

CVE-2025-57317

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial ...

GHSA-5Q53-78F2-6GF8 apidoc-core is vulnerable to prototype pollution

apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial ...

Prototype Pollution

Overview apidoc-core is a Core parser library to generate apidoc result following the apidoc-spec Affected versions of this package are vulnerable to Prototype Pollution via the preProcess function. An attacker can cause a denial of service by injecting properties into Object.prototype through a...

@abcpros/minimal-slp-wallet (>=3.0.1 <=3.0.4), @abcpros/minimal-xpi-slp-wallet (>=3.0.4 <=3.0.10) +78 more potentially affected by CVE-2025-57317 via apidoc-core (>=0.10.0 <=0.15.0)

apidoc-core NPM version =0.10.0, =3.0.1, =3.0.4, =1.4.3, =3.0.10, =1.1.7, =0.6.9, =1.0.4, =0.0.3, =0.0.1, =0.2.3, =1.0.0, =1.0.5 and more Source cves: CVE-2025-57317 Source advisory: OSV:GHSA-5Q53-78F2-6GF8...

@abcpros/minimal-slp-wallet (>=3.0.1 <=3.0.4), @abcpros/minimal-xpi-slp-wallet (>=3.0.4 <=3.0.10) +163 more potentially affected by CVE-2025-57317 via apidoc-core (>=0.10.0 <=0.8.3)

apidoc-core NPM version =0.10.0, =3.0.1, =3.0.4, =0.2.2, =1.4.3, =1.0.2, =3.0.10, =1.1.7, =1.0.1, =1.0.5, =0.6.9, =1.0.4, =1.0.10 - @comodinx/api-doc =1.0.0 and more Source cves: CVE-2025-57317 Source advisory: SNYK:JS-APIDOCCORE-13110017...