OsVault/npm/extend

npm6 critical

extend

25 known vulnerabilities · 6 critical · 4 high

CVE-2018-16492CRITICAL

Prototype Pollution in extend

Published Feb 7, 2019

CVE-2018-16491CRITICAL

Prototype Pollution in node.extend

Published Feb 7, 2019

CVE-2026-24888

Maker.js has Unsafe Property Copying in makerjs.extendObject

Published Jan 29, 2026

CVE-2018-16489CRITICAL

Prototype Pollution in just-extend

Published Feb 7, 2019

MAL-2022-6138

Malicious code in sjcl-extended (npm)

Published Jun 20, 2022

CVE-2021-25945CRITICAL

Prototype pollution vulnerability in js-extend

Published Jun 8, 2021

CVE-2023-26158HIGH

mockjs vulnerable to Prototype Pollution via the Util.extend function

Published Dec 8, 2023

CVE-2014-10064HIGH

Denial-of-Service Extended Event Loop Blocking in qs

Published Oct 9, 2018

CVE-2021-23568HIGH

Prototype Pollution in extend2

Published Jan 12, 2022

CVE-2020-7673CRITICAL

Code Injection in node-extend

Published May 17, 2021

MAL-2026-2929

Malicious code in path-extend (npm)

Published Apr 14, 2026

MAL-2025-258

Malicious code in vuepress-reading-time-extended (npm)

Published Jan 20, 2025

CVE-2018-3750CRITICAL

Prototype Pollution in deep-extend

Published Oct 9, 2018

MAL-2026-584

Malicious code in chai-as-extended (npm)

Published Jan 28, 2026

CVE-2021-23702HIGH

Prototype Pollution in object-extend

Published Feb 19, 2022

MAL-2022-6177

Malicious code in smc-extendsession (npm)

Published Jun 20, 2022

MAL-2025-192743

Malicious code in dotenv-extend (npm)

Published Dec 23, 2025

MAL-2025-192825

Malicious code in no-use-extend-native (npm)

Published Dec 23, 2025

MAL-2025-190734

Malicious code in @ensdomains/hardhat-toolbox-viem-extended (npm)

Published Nov 24, 2025

MAL-2022-2937

Malicious code in extendshall4w (npm)

Published Aug 19, 2022

MAL-2026-2920

Malicious code in buffer-util-extend (npm)

Published Apr 14, 2026

MAL-2022-5617

Malicious code in rdeepgextend (npm)

Published Aug 19, 2022

MAL-2025-266

Malicious code in extendmine (npm)

Published Jan 21, 2025

MAL-2026-240

Malicious code in extended-path (npm)

Published Jan 13, 2026

MAL-2026-2363

Malicious code in env-extend (npm)

Published Mar 24, 2026

Check your entire dependency tree at onceRun dependency scan →