Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via polluted Object.prototype properties in the merge process. An attacker can inject arbitrary HTTP headers into outbound requests or cause synchrono...

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

Prototype Pollution

Overview defu is a Recursively assign default properties. Lightweight and Fast! Affected versions of this package are vulnerable to Prototype Pollution via the defu function. An attacker can override default configuration values by supplying crafted input containing a proto key, which results in...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...

Prototype Pollution

Overview @mikro-orm/core is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to Prototype Pollution via the...

Prototype Pollution

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the uneval method. An attacker can manipulate object prototypes by supplying...

Prototype Pollution

Overview @casl/ability is a CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access Affected versions of this package are vulnerable to Prototype Pollution via the rulesToFields which handles object properties. An attacker can inject...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Details Prototype Pollution is a vulnerability affecting JavaScript...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Details Prototype Pollution is a vulnerability affecting JavaScript...

EUVD-2024-0786

Malicious code in bioql PyPI...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or denial of service. Details Prototype...

Prototype Pollution

Overview org.webjars.npm:rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are...

Prototype Pollution

Overview sassdoc-extras is a SassDoc's Toolbelt Affected versions of this package are vulnerable to Prototype Pollution via the byGroupAndType function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or...

Prototype Pollution

Overview csvjson is a convert csv to json and json to csv Affected versions of this package are vulnerable to Prototype Pollution via the toCsv function. An attacker can cause a denial of service by injecting properties into Object.prototype through a crafted payload. Details Prototype Pollution ...

Prototype Pollution

Overview messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing nested message key...

Prototype Pollution

Overview rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are vulnerable to Prototyp...

Prototype Pollution

Overview mpregular is a Affected versions of this package are vulnerable to Prototype Pollution via the mp.addEventHandler function. An attacker can cause application instability or crash by injecting malicious properties into Object.prototype through a specially crafted payload. Details Prototyp...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially leading to application instability or service disruption. Details Prototy...

Prototype Pollution

Overview docarray is a The data structure for multimodal data Affected versions of this package are vulnerable to Prototype Pollution due to a lack of sanitization of unauthorized internal object in the getitem method. An attacker can manipulate object prototype attributes by sending a crafted...

Prototype Pollution

Overview org.webjars.npm:xe-utils is a JavaScript 函数库、工具类 Affected versions of this package are vulnerable to Prototype Pollution through the merge function. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into...