Total
377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41714 | 1 Fastest-json-copy Project | 1 Fastest-json-copy | 2025-05-05 | N/A | 5.3 MEDIUM |
| fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. | |||||
| CVE-2022-41713 | 1 Deep-object-diff Project | 1 Deep-object-diff | 2025-05-05 | N/A | 5.3 MEDIUM |
| deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited. | |||||
| CVE-2024-39001 | 1 Ag-grid | 2 Ag-grid, Ag Charts | 2025-05-01 | N/A | 6.3 MEDIUM |
| ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2021-25943 | 1 101 Project | 1 101 | 2025-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25941 | 1 Deep-override Project | 1 Deep-override | 2025-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25928 | 1 Manta | 1 Safe-obj | 2025-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25927 | 1 Safe-flat Project | 1 Safe-flat | 2025-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25916 | 1 Patchmerge Project | 1 Patchmerge | 2025-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25915 | 1 Changeset Project | 1 Changeset | 2025-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25914 | 1 Fireblink | 1 Object-collider | 2025-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2024-38985 | 1 Janrywang | 1 Depath | 2025-04-30 | N/A | 9.8 CRITICAL |
| janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2022-24999 | 3 Debian, Openjsf, Qs Project | 3 Debian Linux, Express, Qs | 2025-04-29 | N/A | 7.5 HIGH |
| qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable). | |||||
| CVE-2024-38996 | 1 Ag-grid | 1 Ag-grid | 2025-04-28 | N/A | 9.8 CRITICAL |
| ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-24292 | 1 Aliconnect | 1 Software Development Kit | 2025-04-17 | N/A | 9.8 CRITICAL |
| A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component. | |||||
| CVE-2022-1802 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2025-04-16 | N/A | 8.8 HIGH |
| If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | |||||
| CVE-2022-1529 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2025-04-16 | N/A | 8.8 HIGH |
| An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. | |||||
| CVE-2022-25904 | 1 Safe-eval Project | 1 Safe-eval | 2025-04-16 | N/A | 7.5 HIGH |
| All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype. | |||||
| CVE-2022-2200 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 8.8 HIGH |
| If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2024-57083 | 1 Redocly | 1 Redoc | 2025-04-14 | N/A | 7.5 HIGH |
| A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2024-38988 | 1 Alizeait | 1 Unflatto | 2025-04-14 | N/A | 9.8 CRITICAL |
| alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||