OsVault/npm/lodash

npm1 critical

lodash

38 known vulnerabilities · 1 critical · 3 high

CVE-2018-16487MEDIUM

Prototype Pollution in lodash

Published Feb 7, 2019

CVE-2020-28500MEDIUM

Regular Expression Denial of Service (ReDoS) in lodash

Published Jan 6, 2022

CVE-2019-10744CRITICAL

Prototype Pollution in lodash

Published Jul 10, 2019

CVE-2025-13465

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

Published Jan 21, 2026

CVE-2018-3721MEDIUM

Prototype Pollution in lodash

Published Jul 26, 2018

CVE-2020-8203HIGH

Prototype Pollution in lodash

Published Jul 15, 2020

CVE-2026-4800HIGH

Risk: 40.53/100

lodash vulnerable to Code Injection via `_.template` imports key names

Published Apr 1, 2026

CVE-2019-1010266MEDIUM

Regular Expression Denial of Service (ReDoS) in lodash

Published Jul 19, 2019

CVE-2021-23337HIGH

Command Injection in lodash

Published May 6, 2021

CVE-2026-2950MEDIUM

Risk: 32.52/100

lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Published Apr 1, 2026

MAL-2022-4371

Malicious code in lodashuiq (npm)

Published Aug 19, 2022

MAL-2022-4360

Malicious code in lodash.reerghe (npm)

Published Aug 19, 2022

MAL-2022-4363

Malicious code in lodashdkbounce (npm)

Published Aug 19, 2022

MAL-2022-4361

Malicious code in lodashassig (npm)

Published Aug 19, 2022

MAL-2022-4368

Malicious code in lodashisfuncion (npm)

Published Aug 19, 2022

MAL-2024-8059

Malicious code in lodash-scripts (npm)

Published Aug 28, 2024

MAL-2022-1443

Malicious code in babimelpluginlodash (npm)

Published Aug 19, 2022

MAL-2025-3978

Malicious code in @hm6816/lodash-isequal (npm)

Published May 19, 2025

MAL-2025-192377

Malicious code in gs-uitk-lodash (npm)

Published Dec 8, 2025

GHSA-fw9q-39r9-c252

LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

Published Apr 10, 2026

MAL-2022-4364

Malicious code in lodashflten (npm)

Published Aug 19, 2022

MAL-2025-318

Malicious code in webpack-extensive-lodash-replacement-plugin (npm)

Published Jan 21, 2025

MAL-2025-191574

Malicious code in eslint-lodash (npm)

Published Dec 1, 2025

MAL-2025-48939

Malicious code in types-lodash.es (npm)

Published Oct 28, 2025

MAL-2024-1201

Malicious code in lodash-electron (npm)

Published Apr 4, 2024

MAL-2022-4370

Malicious code in lodashsiplainobjet (npm)

Published Aug 19, 2022

MAL-2022-4358

Malicious code in lodash-utils (npm)

Published Aug 18, 2022

MAL-2022-4359

Malicious code in lodash.isstgrng (npm)

Published Aug 19, 2022

MAL-2022-4365

Malicious code in lodashfroeach (npm)

Published Aug 19, 2022

MAL-2022-3687

Malicious code in hs-lodash (npm)

Published Jun 20, 2022

MAL-2023-996

Malicious code in yasap-lodash (npm)

Published Jan 30, 2023

MAL-2024-9012

Malicious code in lodasher (npm)

Published Sep 27, 2024

MAL-2022-3352

Malicious code in get-lodash-template-vars (npm)

Published Jun 20, 2022

MAL-2022-4362

Malicious code in lodashclonqedeew (npm)

Published Aug 19, 2022

MAL-2025-3835

Malicious code in lodashing (npm)

Published May 15, 2025

MAL-2022-4366

Malicious code in lodashiequal (npm)

Published Aug 19, 2022

MAL-2022-4367

Malicious code in lodashisemuty (npm)

Published Aug 19, 2022

MAL-2022-4369

Malicious code in lodashisobjct (npm)

Published Aug 19, 2022

Check your entire dependency tree at onceRun dependency scan →