pkg:npm/lodash-es

8 total CVEsCRITICAL1HIGH3MEDIUM4

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.1CVE-2019-10744Prototype Pollution in lodash
    from 0, < 4.17.14
  • HIGH8.1CVE-2026-4800lodash vulnerable to Code Injection via `_.template` imports key names
    >= 4.0.0, < 4.18.0
  • HIGH7.4CVE-2020-8203Prototype Pollution in lodash
    >= 3.7.0, < 4.17.20
  • HIGH7.2CVE-2021-23337Command Injection in lodash
    from 0, < 4.17.21
  • MEDIUM6.5CVE-2026-2950lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
    from 0, < 4.18.0
  • MEDIUM6.5CVE-2025-13465Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
    >= 4.0.0, < 4.17.23
  • MEDIUM6.5CVE-2019-1010266Regular Expression Denial of Service (ReDoS) in lodash
    >= 4.7.0, < 4.17.11
  • MEDIUM5.3CVE-2020-28500Regular Expression Denial of Service (ReDoS) in lodash
    >= 4.0.0, < 4.17.21