22 matches found
EUVD-2025-9700
Malicious code in bioql PyPI...
EUVD-2024-53514
Malicious code in bioql PyPI...
Prototype Pollution
expand-object is vulnerable to Prototype Pollution. The vulnerability is due to improper input validation in the expand function in index.js, which expands strings into objects without filtering out sensitive properties like __proto__, and allows attackers to manipulate object prototypes, potentially...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +294 more potentially affected by CVE-2025-3197 via expand-object (>=0.2.3 <=0.4.2)
expand-object NPM version =0.2.3, =0.1.1, =1.0.0, =1.0.0, =2.0.0, =2.0.7, =0.1.0, =1.0.0, =1.0.8, =0.1.2, =1.0.3, =6.0.0-rc1, =1.0.0, =1.0.8 and more Source cves: CVE-2025-3197 Source advisory: OSV:GHSA-4VJR-HFPP-2M7W...
GHSA-4VJR-HFPP-2M7W expand-object Vulnerable to Prototype Pollution via the expand() Function
Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
expand-object Vulnerable to Prototype Pollution via the expand() Function
Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
CVE-2025-3197
CVE-2025-3197 concerns the expand-object library. Reports across multiple sources confirm a Prototype Pollution flaw in the expand() function (index.js) that turns a string into an object without filtering keys like __proto__. Affected: expand-object versions 0.0.0 and later. Potential impact descri...
CVE-2025-3197
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__...
expand-object security vulnerability
expand-object is a library by individual developer Jon Schlinkert that uses simple symbols to expand strings into JavaScript objects. A security vulnerability exists in expand-object that stems from prototype pollution in the expand function...
CVE-2024-57069
A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
CVE-2024-57069
A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
CVE-2024-57069
A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
CVE-2024-57069
A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
PT-2025-5769 · Unknown · Expand-Object
Name of the Vulnerable Software and Affected Versions: expand-object version 0.4.2. Description: A prototype pollution in the lib function of expand-object allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Recommendations: For expand-object version 0.4.2, consider...
expand-object security vulnerability
expand-object is a library by individual developer Jon Schlinkert that uses simple symbols to expand strings into JavaScript objects. A security vulnerability exists in expand-object version v0.4.2, which stems from a prototype pollution vulnerability in the lib function...
CVE-2023-46308
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...