CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-2473

Malware in sbrugna...

9.8CVSS9.4AI score0.0053EPSS

Exploits1References5

RedhatCVE•added 2025/05/23 9:6 a.m.•3 views

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

9.8CVSS7.2AI score0.00193EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:3 a.m.•3 views

CVE-2024-38983

Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service DoS and cause other impacts via the assign method at /lib/index.js:91...

9.8CVSS6.2AI score0.00158EPSS

Exploits1References1

NVD•added 2024/07/30 9:15 p.m.•9 views

CVE-2024-38983

9.8CVSS0.00158EPSS

Exploits1References1

OSV•added 2024/07/30 9:15 p.m.•7 views

CVE-2024-38983

9.8CVSS7.8AI score

Exploits0References1

CVE•added 2024/07/30 12:0 a.m.•55 views

CVE-2024-38983

CVE-2024-38983 affects the JavaScript library mini-deep-assign v0.0.8, where the prototype pollution arises from the internal _assign() at /lib/index.js:91. This enables an attacker to execute arbitrary code or cause a Denial of Service (DoS) and other impacts as described in multiple connected s...

9.8CVSS7.9AI score0.00158EPSS

Exploits1References1Affected Software1

CNNVD•added 2024/07/30 12:0 a.m.•3 views

mini-deep-assign 安全漏洞

mini-deep-assign is a library by Alexander Personal Developer. A security vulnerability exists in mini-deep-assign version v0.0.8. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service and other impact via the assign method at /lib/index.js:91...

9.8CVSS7.7AI score0.00158EPSS

Exploits1References2

Vulnrichment•added 2024/07/30 12:0 a.m.•10 views

CVE-2024-38983

8AI score0.00158EPSS

Exploits1References1

Cvelist•added 2024/07/30 12:0 a.m.•12 views

CVE-2024-38983

0.00158EPSS

Exploits1References1

Positive Technologies•added 2024/07/30 12:0 a.m.•4 views

PT-2024-28300 · Unknown · Mini-Deep-Assign

Name of the Vulnerable Software and Affected Versions: mini-deep-assign version 0.0.8 Description: The issue allows an attacker to execute arbitrary code or cause a Denial of Service DoS and cause other impacts via the assign method. This method is located at /lib/index.js:91. Recommendations: Fo...

9.8CVSS7.7AI score0.00158EPSS

Exploits1References6

Veracode•added 2024/06/19 5:41 a.m.•10 views

Prototype Pollution

@alexbinary/object-deep-assign is vulnerable to Prototype Pollution. The vulnerability is due to the lack of prototype checks in the extend function within index.js. Attackers can exploit this method to copy malicious properties to the built-in Object.prototype through special properties like pro...

9.8CVSS6.7AI score0.00193EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2024/06/17 3:30 p.m.•17 views

object-deep-assign Prototype Pollution

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

9.8CVSS6.8AI score0.00193EPSS

Exploits0References3Affected Software1

NVD•added 2024/06/17 3:15 p.m.•15 views

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

9.8CVSS0.00193EPSS

Exploits0References1

GitLab Advisory Database•added 2024/06/17 12:0 a.m.•14 views

object-deep-assign Prototype Pollution

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

6.7AI score0.00193EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2024/06/17 12:0 a.m.•3 views

PT-2024-27081 · Alexbinary · Object-Deep-Assign

Name of the Vulnerable Software and Affected Versions: alexbinary object-deep-assign version 1.0.11 Description: The issue concerns a Prototype Pollution vulnerability via the extend method of Module.deepAssign, located in /src/index.js. Recommendations: For alexbinary object-deep-assign version...

9.8CVSS6.6AI score0.00193EPSS

Exploits0References4

CNNVD•added 2024/06/17 12:0 a.m.•3 views

object-deep-assign security vulnerability

object-deep-assign is a library by Alex Binary Personal Developer. A security vulnerability exists in object-deep-assign version 1.0.11, which stems from easy prototype contamination via extend in Module.deepAssign /src/index.js...

9.8CVSS6.9AI score0.00193EPSS

Exploits0References2

OSV•added 2022/06/30 12:15 p.m.•2 views

CVE-2021-40663

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS5.8AI score0.005EPSS

Exploits1References3

CNNVD•added 2022/06/30 12:0 a.m.•2 views

deep-assign 安全漏洞

deep-assign is an npm package. A security vulnerability exists in the npm package deep.assign version 0.0.0-alpha.0, which is vulnerable to "prototype contamination"...

9.8CVSS8.3AI score0.005EPSS

Exploits1References4

OSV•added 2021/12/10 6:55 p.m.•11 views

GHSA-7QM6-9V49-38M9 Prototype Pollution in record-like-deep-assign

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. PoC js const deepAssign = require'record-like-deep-assign'; let obj = ; console.log"Before being polluted: " + obj.polluted; EVILJSON = JSON.parse'"proto":"polluted":true'; deepAssign...

7.3CVSS9.5AI score0.0053EPSS

Exploits1References4

Github Security Blog•added 2021/12/10 6:55 p.m.•29 views

Prototype Pollution in record-like-deep-assign

9.8CVSS8.9AI score0.0053EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by