CWE-1321: CWE-1321

This CVE describes a prototype pollution vulnerability in dot-properties v1.0.1's lib.parse function that allows attackers to cause Denial of Service ...

This CVE describes a prototype pollution vulnerability in the fieldsToJson function of node-opcua-alarm-condition v2.134.0. Attackers can exploit this...

This vulnerability allows attackers to perform prototype pollution in the lib.deep function of @ndhoule/defaults library version 2.0.1, potentially ca...

CVE-2024-57067 is a prototype pollution vulnerability in dot-qs v0.2.0's lib.parse function that allows attackers to inject malicious properties into ...

This vulnerability is a prototype pollution flaw in expand-object v0.4.2 that allows attackers to inject properties into JavaScript object prototypes....

A prototype pollution vulnerability in php-parser's lib.combine function allows attackers to manipulate object prototypes by supplying crafted payload...

A prototype pollution vulnerability in module-from-string v3.3.1's lib.requireFromString function allows attackers to inject malicious properties into...

This vulnerability is a prototype pollution flaw in php-date-formatter v1.3.6 that allows attackers to inject malicious properties into JavaScript obj...

A prototype pollution vulnerability in the lib.setValue function of @syncfusion/ej2-spreadsheet version 27.2.2 allows attackers to cause Denial of Ser...

A prototype pollution vulnerability in the lib.createPath function of utile v0.3.0 allows attackers to manipulate JavaScript object prototypes, potent...

This CVE describes a prototype pollution vulnerability in the Bun JavaScript runtime. Attackers can exploit this by passing malicious objects to Bun's...

A prototype pollution vulnerability in QNAP operating systems allows attackers to modify object prototypes, potentially causing system crashes via net...

CVE-2023-45282 is a prototype pollution vulnerability in NASA Open MCT (openmct) that allows attackers to modify JavaScript object prototypes through ...

CVE-2023-26132 is a prototype pollution vulnerability in the dottie JavaScript library that allows attackers to modify object prototypes, potentially ...

CVE-2023-26121 is a prototype pollution vulnerability in the safe-eval npm package that allows attackers to modify JavaScript object prototypes, poten...

This vulnerability allows attackers to perform prototype pollution attacks via the extend function in collection.js. It affects applications using col...

This vulnerability in the dot-lens JavaScript package allows attackers to perform prototype pollution attacks via the set() function. This can enable ...

CVE-2023-26102 is a prototype pollution vulnerability in the rangy JavaScript library that allows attackers to modify object prototypes through the ex...

CVE-2021-23373 is a prototype pollution vulnerability in the set-deep-prop npm package that allows attackers to modify object prototypes, potentially ...

CVE-2022-21231 is a prototype pollution vulnerability in the deep-get-set npm package that allows attackers to modify object prototypes, potentially l...

CVE-2022-21190 is a prototype pollution vulnerability in the convict configuration management library for Node.js that allows attackers to modify obje...

CVE-2022-25324 is a Denial of Service vulnerability in the bignum npm package where improper type checking in the .powm function causes V8 engine cras...

CVE-2022-22143 is a prototype pollution vulnerability in the convict configuration management library for Node.js. It allows attackers to modify objec...

CVE-2022-24279 is a prototype pollution vulnerability in madlib-object-utils package versions before 0.1.8. Attackers can exploit the setValue method ...

CVE-2022-25352 is a prototype pollution vulnerability in the libnested JavaScript library that allows attackers to modify object prototypes, potential...

This vulnerability in fastify-multipart allows attackers to crash Node.js applications by sending multipart form data with a 'name=constructor' proper...

CVE-2021-23507 is a prototype pollution vulnerability in the object-path-set npm package that allows attackers to modify JavaScript object prototypes....

This vulnerability allows attackers to perform prototype pollution attacks via the 'set' method in min-dash, enabling them to modify object prototypes...

CVE-2021-3805 is a prototype pollution vulnerability in the object-path npm package that allows attackers to modify JavaScript object prototypes, pote...

CVE-2026-23736 is a prototype pollution vulnerability in seroval's JSON deserialization functionality that allows attackers to modify JavaScript objec...

The npm package `expr-eval` is vulnerable to prototype pollution, allowing attackers to modify JavaScript object prototypes. This can lead to arbitrar...

This CVE describes a prototype pollution vulnerability in the @std/toml Deno Standard Library. Attackers can inject malicious properties into object p...

CVE-2025-3197 is a prototype pollution vulnerability in the expand-object npm package that allows attackers to modify JavaScript object prototypes by ...

CVE-2024-39003 is a prototype pollution vulnerability in amoyjs amoy common v1.0.10 that allows attackers to inject arbitrary properties into objects....

CVE-2023-26135 is a prototype pollution vulnerability in the flatnest npm package that allows attackers to modify object prototypes, potentially leadi...

CVE-2020-28461 is a prototype pollution vulnerability in the js-ini package that allows attackers to inject malicious properties into JavaScript objec...

CVE-2020-28471 is a prototype pollution vulnerability in the properties-reader npm package that allows attackers to inject arbitrary properties into J...

CVE-2022-21803 is a prototype pollution vulnerability in the nconf configuration management library when using the memory engine. Attackers can inject...

A prototype pollution vulnerability in AdonisJS multipart form-data parsing allows remote attackers to manipulate object prototypes at runtime. This c...

This vulnerability allows authenticated remote attackers to conduct server-side prototype pollution attacks in EdgeConnect SD-WAN Orchestrator's web m...

CVE-2022-3901 is a prototype pollution vulnerability in Visioweb.js 1.10.6 that allows attackers to inject malicious properties into JavaScript object...

This CVE describes a prototype pollution vulnerability in the sequelize-typescript library versions prior to 2.1.6. Attackers can inject malicious pro...

The Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 when builds are triggered ...

Maker.js versions up to 0.19.1 contain a prototype pollution vulnerability in the extendObject function that allows attackers to modify object prototy...

CVE-2024-39853 is a prototype pollution vulnerability in adolph_dudu ratio-swiper version 0.0.2 that allows attackers to inject arbitrary properties i...

CVE-2024-39001 is a prototype pollution vulnerability in ag-grid-enterprise v31.3.2 that allows attackers to inject arbitrary properties via the _Modu...

This CVE describes a prototype pollution vulnerability in Rollbar.js's merge() function when rollbar.configure() is called with untrusted input. Attac...

CVE-2024-36578 is a prototype pollution vulnerability in akbr update 1.0.0 that allows attackers to modify object prototypes, potentially leading to d...

Lodash versions 4.0.0 through 4.17.22 contain a prototype pollution vulnerability in _.unset and _.omit functions. Attackers can craft paths to delete...

This CVE describes a prototype pollution vulnerability in js-yaml, a JavaScript YAML parser. Attackers can modify object prototypes by injecting malic...