Prototype Pollution

web3-core-method is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially leading to denial of servic...

Prototype Pollution

web3-core-subscriptions is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to inject properties into Object.prototype...

EUVD-2025-31064

Malicious code in bioql PyPI...

EUVD-2025-31063

Malicious code in bioql PyPI...

CVE-2025-57330

The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially leading to application instability or service disruption. Details Prototy...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or denial of service. Details Prototype...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially leading to application instability or service disruption. Details Prototy...

GHSA-2J4C-9QQQ-896R web3-core-method is vulnerable to prototype pollution

web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...

web3-core-method is vulnerable to prototype pollution

web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...

web3-core-subscriptions has a Prototype Pollution vulnerability

The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or denial of service. Details Prototype...

GHSA-HHF6-3XPG-PGGX web3-core-subscriptions has a Prototype Pollution vulnerability

The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...

CVE-2025-57329

web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...

CVE-2025-57330

The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...

CVE-2025-57330

The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...

PT-2025-39329

Name of the Vulnerable Software and Affected Versions web3-core-subscriptions versions 1.10.4 and earlier Description The web3-core-subscriptions package, designed for managing web3 subscriptions, contains a flaw in the attachToObject function. This issue allows for Prototype Pollution by enablin...

CVE-2025-57330

The CVE-2025-57330 entry describes a Prototype Pollution in web3-core-subscriptions (attachToObject) affecting version 1.10.4 and earlier. The vulnerability allows an attacker to inject properties into Object.prototype via a crafted payload, with the documented minimum impact being Denial of Serv...

CVE-2025-57329

CVE-2025-57329 affects the JavaScript package web3-core-method (attachToObject) up to version 1.10.4. A prototype pollution flaw allows an attacker-supplied payload to inject properties into Object.prototype, potentially causing a denial of service (DoS) as the minimum consequence. Public referen...

PT-2025-39328

Name of the Vulnerable Software and Affected Versions web3-core-method versions 1.10.4 and earlier Description A Prototype Pollution issue exists in the attachToObject function of web3-core-method. Attackers can inject properties onto Object.prototype by providing a crafted payload. This can lead...