Known Vulnerabilities for products from Lodash
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Lodash".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40190 | | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2026-4800 | Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable opt... | Not Provided | 2026-03-31 | 2026-04-07 |
| CVE-2026-2950 | Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The f... | Not Provided | 2026-03-31 | 2026-04-07 |
| CVE-2021-41720 | ** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via t... | Not Provided | 2021-09-30 | 2023-11-07 |
| CVE-2021-23337 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 7.2 - HIGH | 2021-02-15 | 2022-09-13 |
| CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and tr... | 5.3 - MEDIUM | 2021-02-15 | 2022-09-13 |
| CVE-2020-8203 | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | 7.4 - HIGH | 2020-07-15 | 2024-01-21 |
| CVE-2019-1010266 | lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The com... | 6.5 - MEDIUM | 2019-07-17 | 2020-09-30 |
| CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into ... | 9.1 - CRITICAL | 2019-07-26 | 2024-01-21 |
| CVE-2018-16487 | A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can b... | 5.6 - MEDIUM | 2019-02-01 | 2020-09-18 |
| CVE-2018-3721 | lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep,... | 6.5 - MEDIUM | 2018-06-07 | 2019-10-03 |
Known software with vulnerabilities from Lodash
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Lodash | Lodash | 0.1.0 |