CWE-1321: CWE-1321
Yearly Trend
Top Affected Vendors
All CWE-1321 CVEs (156)
CVE-2021-25916 is a prototype pollution vulnerability in the patchmerge npm package versions 1.0.0 through 1.0.1. This allows attackers to modify obje...
Mar 16, 2021This is a prototype pollution vulnerability in the 'changeset' npm package that allows attackers to modify object prototypes, potentially leading to d...
Mar 9, 2021CVE-2021-25914 is a prototype pollution vulnerability in the 'object-collider' npm package that allows attackers to modify JavaScript object prototype...
Mar 1, 2021This is a prototype pollution vulnerability in the 'dotty' JavaScript library that allows attackers to modify object prototypes, potentially leading t...
Feb 2, 2021This is a prototype pollution vulnerability in the 'field' npm package versions 0.0.1 through 1.0.1. Attackers can manipulate object prototypes to cau...
Nov 12, 2020This is a prototype pollution vulnerability in the 'deephas' npm package that allows attackers to modify object prototypes, potentially leading to den...
Nov 12, 2020CVE-2019-0230 is a remote code execution vulnerability in Apache Struts where forced double OGNL evaluation on raw user input in tag attributes allows...
Sep 14, 2020CVE-2020-7725 is a prototype pollution vulnerability in the worksmith package that allows attackers to modify object prototypes, potentially leading t...
Sep 1, 2020CVE-2020-7727 is a prototype pollution vulnerability in the gedi package that allows attackers to inject arbitrary properties into JavaScript objects,...
Sep 1, 2020CVE-2020-7715 is a prototype pollution vulnerability in the deep-get-set npm package that allows attackers to modify object prototypes, potentially le...
Sep 1, 2020CVE-2020-7717 is a prototype pollution vulnerability in the dot-notes npm package that allows attackers to inject arbitrary properties into JavaScript...
Sep 1, 2020CVE-2020-7719 is a prototype pollution vulnerability in the locutus JavaScript package's php.strings.parse_str function. This allows attackers to inje...
Sep 1, 2020CVE-2020-7721 is a prototype pollution vulnerability in the node-oojs package that allows attackers to inject arbitrary properties into JavaScript obj...
Sep 1, 2020CVE-2020-7723 is a prototype pollution vulnerability in the promisehelpers npm package that allows attackers to inject arbitrary properties into JavaS...
Sep 1, 2020CVE-2020-7713 is a prototype pollution vulnerability in the arr-flatten-unflatten npm package that allows attackers to modify object prototypes, poten...
Sep 1, 2020This prototype pollution vulnerability in Qwik's formToObj() function allows unauthenticated attackers to modify Object.prototype by sending specially...
Feb 3, 2026A prototype pollution vulnerability in Kibana allows attackers to execute arbitrary code by sending specially crafted HTTP requests to machine learnin...
May 6, 2025CVE-2024-57077 is a prototype pollution vulnerability in utils-extend library version 1.0.8 that allows attackers to modify JavaScript object prototyp...
Feb 5, 2025CVE-2021-42581 is a prototype pollution vulnerability in Ramda's mapObjIndexed function that allows attackers to modify JavaScript object prototypes b...
May 10, 2022CVE-2021-41097 is a prototype pollution vulnerability in aurelia-path versions before 1.1.7 that allows attackers to modify the Object prototype throu...
Sep 27, 2021This vulnerability in the Node.js mixme library allows attackers to perform prototype pollution attacks through the mutate() and merge() functions. By...
May 3, 2021CVE-2021-27582 is a mass assignment vulnerability in MITREid Connect's OpenID Connect server that allows attackers to manipulate OAuth authorization p...
Feb 23, 2021This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.31. It allows sandboxed JavaScript code to bypass isolation...
Feb 9, 2026Locutus versions 2.0.12 through 2.0.38 contain a prototype pollution vulnerability that allows attackers to modify JavaScript object prototypes via cr...
Feb 4, 2026CVE-2026-25047 is a prototype pollution vulnerability in the deephas npm package version 1.0.7 that allows attackers to modify JavaScript object proto...
Jan 29, 2026CVE-2024-38991 is a prototype pollution vulnerability in akbr patch-into v1.0.1 that allows attackers to inject arbitrary properties into JavaScript o...
Jul 1, 2024This CVE describes a prototype pollution vulnerability in @bit/loader v10.0.3 that allows attackers to modify JavaScript object prototypes, potentiall...
May 20, 2024CVE-2021-20086 is a prototype pollution vulnerability in jquery-bbq 1.2.1 that allows attackers to inject malicious properties into Object.prototype. ...
Apr 23, 2021This CVE describes a prototype pollution vulnerability in jquery-plugin-query-object version 2.2.3 that allows attackers to inject arbitrary propertie...
Apr 23, 2021CVE-2021-20087 is a prototype pollution vulnerability in jquery-deparam 0.5.1 that allows attackers to inject properties into Object.prototype. This c...
Apr 23, 2021This vulnerability allows attackers to exploit prototype pollution in Kibana to achieve code injection by combining unrestricted file upload with path...
Apr 8, 2025This CVE describes a prototype pollution vulnerability in Vuetify's preset configuration feature. Attackers can inject malicious properties into JavaS...
Dec 12, 2025CVE-2024-32866 is a prototype pollution vulnerability in the Conform form validation library. It allows attackers to modify JavaScript object prototyp...
Apr 23, 2024CVE-2021-23452 is a prototype pollution vulnerability in the x-assign JavaScript package that allows attackers to modify the global Object.prototype. ...
Oct 20, 2021This CVE describes a Prototype Pollution vulnerability in Mozilla Convict, a Node.js configuration management library. Attackers can inject or overrid...
Nov 26, 2024CVE-2024-21489 is a prototype pollution vulnerability in uPlot's uplot.assign function that allows attackers to modify JavaScript object prototypes. T...
Oct 1, 2024This CVE describes a prototype pollution vulnerability in the dset npm package that allows attackers to inject malicious properties into JavaScript ob...
Sep 11, 2024CVE-2023-26158 is a prototype pollution vulnerability in the mockjs package that allows attackers to modify JavaScript object prototypes through user-...
Dec 8, 2023CVE-2022-36059 is a vulnerability in matrix-js-sdk where specially crafted events can disrupt or corrupt the SDK's runtime data processing. This affec...
Mar 28, 2023This CVE describes a prototype pollution vulnerability in matrix-react-sdk where specially crafted data from remote servers can modify Object.prototyp...
Mar 28, 2023CVE-2022-25878 is a prototype pollution vulnerability in protobufjs library that allows attackers to modify JavaScript object prototypes. This can lea...
May 27, 2022CVE-2021-23470 is a prototype pollution vulnerability in the putil-merge npm package, allowing attackers to inject malicious properties into objects b...
Feb 4, 2022CVE-2024-39016 is a prototype pollution vulnerability in che3vinci c3/utils-1 library version 1.0.131 that allows attackers to inject arbitrary proper...
Jul 1, 2024This CVE describes a Prototype Pollution vulnerability in the byondreal accessor library (version <=1.0.0) that allows attackers to modify JavaScript ...
Jun 17, 2024This CVE describes a __proto__ pollution vulnerability in Synchrony deobfuscator versions before 2.4.4 that allows attackers to modify the Object prot...
Oct 17, 2023CVE-2023-30533 is a prototype pollution vulnerability in SheetJS Community Edition that allows attackers to modify JavaScript object prototypes by upl...
Apr 24, 2023CVE-2022-25301 is a prototype pollution vulnerability in jsgui-lang-essentials that allows attackers to modify JavaScript object prototypes, potential...
May 1, 2022A state pollution vulnerability in TON Virtual Machine (TVM) allows denial of service when Out-of-Gas exceptions occur during child VM initialization....
Feb 13, 2026CVE-2025-3193 is a prototype pollution vulnerability in algoliasearch-helper's _merge() function that allows attackers to inject malicious code throug...
Sep 27, 2025This CVE describes a prototype pollution vulnerability in Redoc's Module.mergeObjects function that allows attackers to cause Denial of Service (DoS) ...
Mar 28, 2025About CWE-1321 (CWE-1321)
Our database tracks 156 CVEs classified as CWE-1321, with 73 rated critical and 69 rated high severity. The average CVSS score for CWE-1321 vulnerabilities is 8.5.
External reference: View CWE-1321 on MITRE CWE →
Monitor CWE-1321 Vulnerabilities
Get alerted when new CWE-1321 CVEs affect your infrastructure.
Start Monitoring Free