Skip to main content

Algoliasearch Helper

2 CVEs product

Monthly

CVE-2025-3193 npm HIGH POC PATCH This Week

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Code Injection Algoliasearch Helper Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-23433 npm CRITICAL POC PATCH Act Now

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Algoliasearch Helper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Code Injection Algoliasearch Helper +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Algoliasearch Helper
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy