6 matches found
EUVD-2025-31407
Malicious code in bioql PyPI...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
algoliasearch-helper is vulnerable to Prototype Pollution in _merge()
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
PT-2025-39711
Name of the Vulnerable Software and Affected Versions: algoliasearch-helper versions 2.0.0-rc1 through 3.11.2. Description: The package contains a Prototype Pollution issue in the merge function within the merge.js file. This allows modification of the constructor.prototype, potentially leading to...
Prototype Pollution
dset is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the merge function in merge.js and modify attributes such as `__proto__`, `constructor`, and `prototype`...
Prototype Pollution
putil-merge is vulnerable to prototype pollution. The vulnerability exists because validations are not handled properly in the merge method in the merge.js file, which allows an attacker to inject properties into existing construct prototypes and modify attributes...