pkg:npm/lodash

10 total CVEsCRITICAL1HIGH3MEDIUM6

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.1CVE-2019-10744Prototype Pollution in lodash
    from 0, < 4.17.12
  • HIGH8.1CVE-2026-4800lodash vulnerable to Code Injection via `_.template` imports key names
    >= 4.0.0, < 4.18.0
  • HIGH7.4CVE-2020-8203Prototype Pollution in lodash
    >= 3.7.0, < 4.17.19
  • HIGH7.2CVE-2021-23337Command Injection in lodash
    from 0, < 4.17.21
  • MEDIUM6.5CVE-2026-2950lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
    from 0, < 4.18.0
  • MEDIUM6.5CVE-2025-13465Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
    >= 4.0.0, < 4.17.23
  • MEDIUM6.5CVE-2019-1010266Regular Expression Denial of Service (ReDoS) in lodash
    >= 4.7.0, < 4.17.11
  • MEDIUM6.5CVE-2018-3721Prototype Pollution in lodash
    from 0, < 4.17.5
  • MEDIUM5.6CVE-2018-16487Prototype Pollution in lodash
    from 0, < 4.17.11
  • MEDIUM5.3CVE-2020-28500Regular Expression Denial of Service (ReDoS) in lodash
    >= 4.0.0, < 4.17.21