Skip to main content

Prototype Pollution

400 CVEs product

Monthly

CVE-2026-54335 npm LOW PATCH GHSA Monitor

The `_.merge(target, source)` utility exported by `@feathersjs/commons` recursively merges `source` into `target` by iterating `Object.keys(source)`. When `source` was produced by `JSON.parse` and contains a `__proto__` (or `constructor` / `prototype`) key, that key is returned as an own-enumerable property. The recursive merge then resolves `target['__proto__']` to `Object.prototype` and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. **Scope of real-world risk is limited.** No first-party Feathers package routes input - trusted or untrusted - through `commons._.merge`. The `@feathersjs/authentication` package, which does merge request-influenced data, uses `lodash/merge` (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported `_.merge`. Fixed in `@feathersjs/commons@5.0.45`. The fix skips `__proto__`, `constructor`, and `prototype` keys during iteration - the standard remediation used by lodash and others. Avoid passing JSON-parsed untrusted input through `commons._.merge`. Freezing `Object.prototype` or validating/sanitizing keys upstream also mitigates. Reported responsibly by Andrew Ridings (@ridingsa).

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
3.7
CVE-2026-15702 LOW PATCH Monitor

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.

Prototype Pollution Information Disclosure Tamagui
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15699 LOW POC PATCH Monitor

Prototype pollution in compromise (spencermountain/compromise) through version 14.15.1 exposes all JavaScript applications using the library to Object.prototype contamination via the nlp.extend() Public Root API. A low-privileged remote attacker who can supply a crafted plugin argument containing __proto__, constructor, or prototype keys can inject properties into the global Object.prototype, producing partial confidentiality, integrity, and availability impact across the Node.js runtime. A public exploit exists via GitHub issue #1208, a vendor patch has been released (commit b4644ab7), and no CISA KEV listing has been confirmed at time of analysis.

Prototype Pollution Information Disclosure Compromise
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15698 LOW PATCH Monitor

Prototype pollution in kofrasa mingo up to version 7.2.1 allows low-privileged remote attackers to corrupt JavaScript Object.prototype by supplying `__proto__` as a field selector in `$set`, `updateOne`, or `updateMany` operations, injecting arbitrary properties into all objects within the Node.js process. Proof-of-concept exploit code exists (CVSS 4.0 E:P), and successful exploitation can cascade to application-wide privilege logic bypass, information disclosure, or denial of service depending on how the host application relies on inherited object properties. Vendor-released patch version 7.2.2 is confirmed available.

Prototype Pollution Information Disclosure Mingo
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15697 LOW Monitor

Prototype pollution in svg.js (svgdotjs) up to version 3.2.5 allows a remote low-privileged attacker to inject arbitrary properties into JavaScript's shared Object.prototype via the EventTarget.on function of the npm package API. Depending on how consuming applications perform property lookups, this can lead to information disclosure, logic bypass, or integrity violations across the entire JavaScript runtime. No vendor patch exists - the maintainer has not responded to the responsible disclosure - and a proof-of-concept exists (CVSS E:P), though no confirmed active exploitation appears in CISA KEV.

Prototype Pollution Node.js Information Disclosure Svg Js
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15607 LOW POC PATCH Monitor

Prototype pollution in TanStack DB's select() query compiler allows low-privileged remote attackers to mutate Object.prototype by supplying dot-notation alias paths containing reserved JavaScript property names such as __proto__, prototype, or constructor. Versions up to 0.6.8 are confirmed affected via CPE cpe:2.3:a:tanstack:db. A publicly available exploit exists (GitHub issue #1584), though the vulnerability is not in CISA KEV. The CVSS 4.0 base score of 2.1 reflects low integrity impact scoped to the vulnerable system, but the downstream consequences of Object.prototype mutation in JavaScript runtimes can exceed what raw scoring conveys depending on application logic.

Information Disclosure Prototype Pollution Db
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-15598 MEDIUM This Month

Prototype pollution in antv layout 2.0.0 exposes JavaScript runtimes to object prototype manipulation via the `setNestedValue` function in `lib/util/object.js`, where a crafted `path` argument can inject arbitrary properties into the global Object prototype. The CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-reachable exploitation requiring low-privilege authentication, with limited but real confidentiality, integrity, and availability impact depending on how downstream application code consumes polluted prototype properties. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the vendor has not responded to the responsible disclosure filed via GitHub issue #292, leaving no patch timeline available.

Information Disclosure Prototype Pollution Layout
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-15538 MEDIUM Monitor

Prototype pollution in PrimeReact (all versions through 10.9.8) allows authenticated remote attackers to improperly modify JavaScript object prototype attributes via the ObjectUtils.mutateFieldData API function by crafting malicious Field argument values. Affected deployments face limited confidentiality and integrity exposure at the vulnerable system level. No patch has been issued - the maintainer has not responded to responsible disclosure, and the affected version range is officially end-of-life. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Prototype Pollution Primereact
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-56763 npm MEDIUM PATCH This Month

Prototype pollution in Hono before 4.12.7 enables unauthenticated remote attackers to inject properties into JavaScript's Object.prototype by submitting crafted form field names containing '__proto__' keys when the 'dot' option is enabled in parseBody. Exploitation is conditional - it further requires that application code merges parsed body output into plain JavaScript objects using unsafe merge patterns - but when both conditions are present, attackers can silently alter inherited object behavior across the entire runtime, potentially bypassing authorization checks or leaking sensitive data. No public exploit code or CISA KEV listing exists at time of analysis; the CVSS 4.0 score of 6.3 reflects limited impact and the attack prerequisite of the non-default dot option being enabled.

Information Disclosure Prototype Pollution Hono
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-59206 HIGH PATCH This Week

Privilege escalation via prototype pollution in n8n workflow automation lets an authenticated low-privilege user (holding the default workflow:create permission) corrupt Object.prototype through a crafted workflow saved, updated, or imported via the workflow API. Once polluted, subsequent unauthenticated requests are evaluated as a privileged user, exposing internal user and project listing endpoints. This is an information-disclosure and access-control flaw with no public exploit identified at time of analysis; CVSS 4.0 base score is 7.1.

Information Disclosure Prototype Pollution N8n
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-15187 LOW POC Monitor

Prototype pollution in the enquirer npm package (versions up to 2.4.1) allows remote authenticated attackers to manipulate JavaScript Object.prototype attributes by injecting a crafted value into the question.name argument of the Enquirer.set() function. The vulnerability carries a low CVSS 4.0 score of 2.1, reflecting limited integrity-only impact scoped to the vulnerable system with no confidentiality or availability consequence. Publicly available exploit code exists via GitHub issue #487, though no active exploitation has been confirmed in CISA KEV.

Information Disclosure Prototype Pollution Enquirer
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-59876 MEDIUM PATCH This Month

Prototype pollution in protobuf.js versions 8.2.0 through 8.6.4 allows network-reachable attackers to corrupt JavaScript object prototype chains via the Text Format extension, by supplying a map entry whose key is the reserved JavaScript token `__proto__`, causing the parser to overwrite the prototype of the returned map object instead of creating a literal own-property entry. Exploitation is constrained by high attack complexity - only applications explicitly using the optional `/ext/textformat` module and parsing attacker-controlled input are affected - and real-world impact is limited to partial confidentiality and integrity effects in downstream code that inherits or enumerates poisoned prototype properties. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Information Disclosure Prototype Pollution Protobuf Js
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-48819 npm MEDIUM PATCH GHSA This Month

Prototype pollution in @hey-api/openapi-ts affects all versions through 0.97.2, allowing remote unauthenticated attackers to substitute the prototype chain of the returned params slot object by passing a crafted key such as '$query___proto__' through any application that forwards user-supplied parameters to a generated SDK method. The flaw resides in a runtime template (dist/clients/core/params.ts) that is copied verbatim into every generated SDK, meaning every downstream npm package regenerated from this tool carries the vulnerable code - confirmed affected consumers include @opencode-ai/sdk and @trigger.dev/sdk. A functional proof-of-concept is publicly available; exploitation is not confirmed as actively exploited and is absent from CISA KEV.

Node.js Docker Code Injection Prototype Pollution
NVD GitHub
CVSS 3.1
4.8
CVE-2026-54756 MEDIUM PATCH This Month

Prototype Pollution in Jodit Editor (versions prior to 4.12.18) allows network-reachable attackers to mutate Object.prototype by supplying crafted configuration payloads to Jodit.configure(), exploiting unfiltered merging in the internal ConfigMerge and ConfigProto helpers. Specifically, keys such as __proto__ or constructor nested inside legitimate option namespaces like controls can propagate to the global JavaScript prototype chain, corrupting runtime behavior for all JavaScript executing in the same environment. No public exploit is identified at time of analysis and the vulnerability is not listed in CISA KEV; however, exploitation is contingent on the host application forwarding user-controlled input into Jodit.configure(), a pattern common in configurable WYSIWYG deployments.

Information Disclosure Prototype Pollution Jodit
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-48795 npm HIGH PATCH GHSA This Week

{} literals. No public exploit identified at time of analysis, but the high CVSS (8.6) and trivial exploitation make this a priority for affected deployments.

RCE Prototype Pollution
NVD GitHub
CVSS 3.1
8.6
CVE-2026-57926 CRITICAL PATCH Act Now

Prototype pollution in JetBrains YouTrack's websandbox bridge (all versions before 2026.2.16593) lets an attacker who can reach the sandbox boundary corrupt JavaScript Object.prototype, potentially escaping the sandbox or disclosing information. The flaw was internally reported by JetBrains and classed as CWE-1321; it carries a vendor-published CVSS of 9.8, but no public exploit has been identified at time of analysis and EPSS rates exploitation probability low at 0.40% (32nd percentile).

Information Disclosure Prototype Pollution Youtrack
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-54639 HIGH PATCH This Week

{ output: 'object' })`, the Expand API, and the transform lifecycle, and is most dangerous when Style Dictionary runs inside a Node.js server that ingests untrusted tokens. No public exploit identified at time of analysis and CISA has not listed it in KEV.

Prototype Pollution Information Disclosure Style Dictionary
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-48170 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in the npm package scim-patch (versions <= 0.9.0) allows authenticated SCIM provisioning clients to mutate Object.prototype process-wide by submitting a PATCH operation whose value object contains a key such as `__proto__.someProp` or `constructor.prototype.someProp`. Because the side effect persists for the lifetime of the Node process and leaks into every plain object, downstream code that checks flags like `req.user.isAdmin` against unpolluted plain objects can suffer privilege escalation, logic bypass, or denial of service. Publicly available exploit code exists (proof-of-concept in the GHSA advisory and now in the package's test suite); no public exploit identified as in-the-wild use at time of analysis.

Prototype Pollution Privilege Escalation Node.js
NVD GitHub
CVSS 3.1
9.1
CVE-2026-49252 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in deepstream.io versions prior to 10.0.5 allows an authenticated client with write permission to any record to corrupt the Node.js Object prototype by submitting record-update messages whose path contains tokens such as __proto__, constructor, or prototype. Because deepstream's permission valve and record-transition pipeline both invoke setValue with the attacker-controlled path, polluting the prototype can taint subsequent permission and transition logic and lead to privilege escalation across all connected clients. No public exploit identified at time of analysis, though the upstream commit (54b8e29) and patch tests publicly demonstrate the exact vulnerable path semantics.

Prototype Pollution Privilege Escalation Deepstream Io
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-55886 npm MEDIUM PATCH GHSA This Month

Prototype pollution in the Jodit WYSIWYG editor npm package (versions < 4.12.26) allows mutation of Object.prototype via the public helper API Jodit.modules.Helpers.set(). When an application passes user-controlled or partially user-controlled key paths to this function, an attacker can inject arbitrary properties into the global Object.prototype, enabling logic bypass, denial of service, or secondary security issues throughout the entire JavaScript runtime. A proof-of-concept is publicly available in the GitHub advisory (GHSA-vpmm-x3fm-qr5c); no public exploit identified at time of analysis beyond this PoC, and no CISA KEV listing exists.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-53676 HIGH This Week

Sandbox escape via prototype pollution in ThingsBoard (versions prior to v4.3.1.2) allows a TENANT_ADMIN-authenticated user to achieve arbitrary code execution within the tb-js-executor sandboxed JavaScript context. The flaw lets a rule-chain script reach the host realm through the `args.constructor.constructor` chain (e.g., synthesizing a Function that returns `process`), defeating the intended VM isolation. No public exploit identified at time of analysis, though the upstream regression test in PR #15600 effectively documents the escape technique.

Prototype Pollution RCE Thingsboard
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.8%
CVE-2026-54312 npm HIGH PATCH GHSA This Week

Denial of service in n8n workflow automation platform (versions prior to 2.24.0) allows an authenticated user with workflow create/edit permissions to trigger global prototype pollution via a crafted table parameter in the Microsoft SQL node. The pollution of Object.prototype persists for the lifetime of the n8n process, causing application-wide validation failures until the server is restarted. No public exploit identified at time of analysis, though the vendor advisory provides clear technical detail.

Prototype Pollution Microsoft Information Disclosure
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.3%
CVE-2026-54306 npm MEDIUM PATCH GHSA This Month

Prototype pollution in n8n's internal webhook object-copying routine enables unauthenticated network attackers to inject attacker-controlled fields into workflow execution data, turning affected workflows into confused deputies that abuse the workflow owner's stored credentials. Affected npm package versions span all n8n releases below 2.25.7 and the 2.26.0-2.26.1 range; vendor-confirmed patches are available. Exploitation is constrained by a specific workflow topology requirement, but where that topology exists the impact extends beyond n8n itself to external systems reachable via the owner's configured credentials - a scope change that the CVSS S:C metric appropriately captures. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Prototype Pollution Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.4%
CVE-2026-48714 npm CRITICAL PATCH GHSA Act Now

Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.prototype by submitting dotted request-body keys such as '__proto__.polluted' to the missingKeyHandler. The 3.9.3 denylist blocked only literal unsafe keys; downstream backends (notably i18next-fs-backend ≤ 2.6.5) that split missing-key strings on the configured keySeparator then walked these segments into an unguarded setPath(). No public exploit identified at time of analysis, but PoC payloads are embedded in the upstream security test suite.

Prototype Pollution Node.js Denial Of Service I18Next Http Middleware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-48713 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in i18next-fs-backend versions prior to 2.6.6 allows remote attackers to write arbitrary properties onto Object.prototype by submitting crafted missing-translation keys such as '__proto__.polluted' to applications that expose i18next-http-middleware's missingKeyHandler to untrusted input. Backend.writeFile() split keys on the configured keySeparator (default '.') and the getLastOfPath walker in lib/utils.js did not filter unsafe segments before traversing the target object. No public exploit identified at time of analysis, but a coordinated-disclosure advisory (GHSA-2933-q333-qg83) and a fixing commit are public, and downstream impact can include denial of service, configuration poisoning, and bypass of property-based security checks.

Prototype Pollution Denial Of Service I18Next Fs Backend
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-12209 MEDIUM POC This Month

Prototype pollution in RubyLouvre Avalon's Template Filter Handler (src/filters/index.js) allows remote unauthenticated attackers to modify JavaScript Object.prototype attributes by supplying crafted template filter input. All versions through 2.2.10 are affected per the CPE range cpe:2.3:a:rubylouvre:avalon:*:*:*:*:*:*:*:*. No vendor patch exists - the maintainer did not respond to coordinated disclosure - and a public exploit is available on GitHub (OriginSecurityX/avalon-filter-rce), which the repository title characterizes as capable of remote code execution, a materially more severe claim than the CVSS 4.0 VI:L rating assigned by the reporter.

Prototype Pollution Information Disclosure Avalon
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-12208 MEDIUM POC This Month

Prototype pollution in jsonata-js (all versions up to 2.2.0) allows remote unauthenticated attackers to inject arbitrary properties into JavaScript's Object.prototype via the createFrame function in src/jsonata.js. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) with exploitation status E:P confirms this is network-exploitable with zero prerequisites, and a public proof-of-concept has been published on GitHub demonstrating a hasOwnProperty guard bypass. No patch exists - the vendor failed to respond to coordinated disclosure - leaving all users of jsonata ≤ 2.2.0 indefinitely exposed.

Prototype Pollution Information Disclosure Jsonata Red Hat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-53609 CRITICAL Act Now

Prototype pollution in ApostropheCMS versions up to and including 4.30.0 allows an authenticated editor to poison Object.prototype via the $pullAll patch operator, ultimately bypassing authorization on all piece-type REST API endpoints for unauthenticated requests until the Node.js process restarts. The flaw stems from apos.util.set() failing to sanitize __proto__ in dot-notation paths, and no public exploit identified at time of analysis but the advisory describes a confirmed exploitation gadget in publicApiCheck(). No vendor-released patch identified at time of analysis, making this an open-window risk for any internet-exposed editor account.

Prototype Pollution Authentication Bypass Node.js Apostrophe
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-44490 npm HIGH PATCH GHSA This Week

Denial-of-service and HTTP header injection in the axios npm package (>=1.0.0,<1.16.0 and <=0.31.1) arise from two read-side prototype-pollution gadgets in lib/utils.js merge() and lib/core/mergeConfig.js, allowing a polluted Object.prototype (typically from an upstream dependency such as lodash CVE-2018-16487) to inject arbitrary outbound headers or crash every axios call with a synchronous TypeError. Publicly available exploit code exists in the GHSA advisory PoC, but EPSS is only 0.04% (13th percentile) and SSVC marks Automatable=no with partial technical impact, so this is a credible secondary-gadget risk rather than a mass-exploitation target.

Denial Of Service Prototype Pollution Red Hat
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-46681 npm HIGH PATCH GHSA This Week

Prototype pollution in @nevware21/ts-utils versions <= 0.13.0 allows attackers to corrupt the global Object prototype by passing crafted JSON containing a __proto__ key to objDeepCopy or objCopyProps. The flaw resides in the _copyProps helper, which iterates source properties with for...in without hasOwnProperty filtering and does not block dangerous keys. Publicly available exploit code exists via the vendor's GHSA proof-of-concept, though no public exploit identified at time of analysis beyond the disclosure PoC, and no KEV listing.

Information Disclosure Prototype Pollution
NVD GitHub
EPSS
0.1%
CVE-2026-46625 npm HIGH PATCH GHSA This Week

Cookie-attribute injection in js-cookie versions 3.0.5 and earlier allows remote attackers to override security-relevant Set-Cookie attributes (domain, secure, samesite, expires, path) by supplying a JSON-derived attributes object containing a __proto__ key. Publicly available exploit code exists in the GHSA-qjx8-664m-686j advisory demonstrating per-instance prototype hijack via the assign() helper. No active exploitation has been observed, and the issue is fixed in 3.0.7.

Ubuntu Node.js Prototype Pollution Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-9101 MEDIUM This Month

Prototype pollution in MongoDB Compass's CSV import parsing logic creates a '1-click' command execution path across versions 1.36.x through 1.49.5. A crafted CSV file can pollute JavaScript object prototypes during the import workflow, causing untrusted file paths to reach Electron's shell.openExternal() API and be executed by the operating system's default handler. No public exploit code has been identified and this CVE is absent from CISA KEV, but the passive user-interaction requirement - simply importing a CSV as part of routine database work - makes targeted social engineering a credible delivery vector in data-heavy environments.

Information Disclosure Prototype Pollution
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-45325 npm HIGH PATCH GHSA This Week

Prototype pollution in the @tmlmobilidade/utils npm package allows remote unauthenticated attackers to inject properties into Object.prototype via the setValueAtPath() helper, leading to integrity compromise and partial availability impact in any downstream application that passes user-influenced paths into the function. The flaw is rated CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) and is fixed in version 20260509.0340.15; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Prototype Pollution
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-45302 npm HIGH PATCH GHSA This Week

Prototype pollution in the npm package parse-nested-form-data version 1.0.0 and earlier allows unauthenticated remote clients to mutate Object.prototype of the running Node.js process by submitting a FormData field whose name contains __proto__ in bracket or dot notation. The flaw resides in handlePathPart in src/index.ts, which walks nested path segments without filtering reserved keys, so a single crafted field name pollutes the prototype chain of every plain object in the process. No public exploit identified at time of analysis, but a working proof-of-concept is published in the GHSA advisory itself.

Path Traversal Node.js Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-46510 npm HIGH PATCH GHSA This Week

Prototype pollution in the npm package form-data-objectizer (<= 1.0.0) lets unauthenticated remote attackers mutate Object.prototype by submitting a single HTTP form field whose name uses bracket notation such as __proto__[polluted] or constructor[prototype][polluted]. The defect lives in treatInitial/treatSecond inside index.cjs, where an 'in' check walks the prototype chain and lets the parser write to inherited properties. CVSS is 8.2 (High) with Integrity:High; publicly available exploit code exists (working PoC published in the GHSA advisory), but there is no public exploit identified as being used in attacks and no CISA KEV listing.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-8657 HIGH PATCH This Week

Prototype pollution in the jsondiffpatch JavaScript library before 0.7.6 allows attackers to modify Object.prototype by supplying crafted delta documents to jsondiffpatch.patch() or JSON Patch documents to the jsonpatch formatter's patch() API. Because attacker-controlled key names and JSON Pointer path segments were used to traverse and mutate objects without filtering __proto__, constructor, or prototype, any application that feeds untrusted diffs into the library can have global object behavior tampered with. A public POC exists in the Snyk advisory and an accompanying gist, but there is no public exploit identified at time of analysis (not on CISA KEV).

Prototype Pollution Information Disclosure Jsondiffpatch
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.1%
CVE-2026-46509 npm HIGH PATCH GHSA This Week

Prototype pollution in @ranfdev/deepobj npm package (versions ≤1.0.2) allows remote unauthenticated attackers to modify JavaScript object prototypes when property paths containing '__proto__', 'constructor', or 'prototype' are processed. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial exploitation against network-accessible applications, though real-world impact depends critically on whether user-controlled input is passed to property path parameters. EPSS data unavailable; not listed in CISA KEV. Publicly available exploit code exists (GitHub advisory GHSA-x7q7-fchv-8h2j). Vendor-released patch available in version 1.0.3.

Information Disclosure Prototype Pollution
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-44791 npm CRITICAL PATCH NEWS GHSA Act Now

Remote code execution in n8n workflow automation platform is possible via a prototype pollution patch bypass in the XML node, affecting versions prior to 1.123.43, 2.20.7, and 2.22.1. Authenticated users with workflow creation or modification permissions can bypass the prior fix for GHSA-hqr4-h3xv-9m3r and, by chaining the XML node with other nodes, achieve code execution on the n8n host. No public exploit identified at time of analysis, though EPSS is low (0.05%) suggesting limited near-term mass exploitation despite the high CVSS 4.0 score of 9.4.

Authentication Bypass Prototype Pollution
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-44789 npm CRITICAL PATCH NEWS GHSA Act Now

Prototype pollution leading to remote code execution in n8n workflow automation platform allows authenticated users with workflow create/modify permissions to corrupt the global Object prototype via an unvalidated pagination parameter in the HTTP Request node. Affecting n8n versions before 1.123.43, 2.20.7, and 2.22.1, the flaw chains with other techniques to escalate to full instance compromise. No public exploit identified at time of analysis, with EPSS at 0.05% (16th percentile) indicating low observed exploitation interest despite CVSS 4.0 9.4 critical rating.

Information Disclosure Prototype Pollution
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-44292 npm MEDIUM PATCH GHSA This Month

Prototype injection in protobufjs generated message constructors allows attackers controlling plain objects passed to message constructors to modify the prototype chain of individual message instances via an enumerable `__proto__` property. Affects protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1. This is a per-instance prototype pollution issue (not global) with impact dependent on downstream application behavior such as inherited property reliance or `instanceof` checks. No active exploitation confirmed; no public exploit identified at time of analysis.

RCE Prototype Pollution
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-44290 npm HIGH PATCH GHSA This Week

Prototype pollution in protobufjs allows denial of service through corrupted JavaScript built-ins when parsing untrusted schemas. Attackers who control protobuf schemas or JSON descriptors can write to inherited object properties on global constructors, causing process-wide state corruption that persists until restart. CVSS 7.5 (High) with network vector and no authentication required, but real-world risk is limited to applications parsing schemas from untrusted sources-applications only decoding untrusted message payloads with trusted schemas are not affected. Vendor-released patches available: v7.5.6 and v8.0.2. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.

Denial Of Service RCE Prototype Pollution
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44483 npm HIGH PATCH GHSA This Week

Prototype pollution in @rvf/set-get allows remote attackers to modify Object.prototype on Node.js servers processing form data via Remix or React Router applications. The setPath function fails to block dangerous property keys (__proto__, constructor, prototype) when flattening form submissions, enabling unauthenticated attackers to inject arbitrary properties into all JavaScript objects across the server process with a single malformed HTTP request. Working proof-of-concept code is publicly available demonstrating property injection via field names like '__proto__[polluted]'. The vulnerability affects default configurations with no special setup required - any endpoint using parseFormData or createValidator is exploitable. CVSS 8.2 High severity driven by network attack vector (AV:N), low complexity (AC:L), and no authentication requirement (PR:N), with high integrity impact from the ability to alter application logic process-wide.

Denial Of Service Node.js Prototype Pollution
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-44966 npm HIGH GHSA This Week

Prototype pollution in Velocity.js npm package versions <=2.1.5 allows remote attackers to modify Object.prototype through malicious #set directives in templates, enabling denial of service or potential remote code execution when template content is attacker-controlled. Publicly available exploit code exists. EPSS data unavailable, but the low attack complexity (CVSS AC:L), network attack vector (AV:N), and no authentication requirement (PR:N) combined with published POC code indicate elevated risk for applications rendering untrusted Velocity templates.

Denial Of Service RCE Prototype Pollution
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-63704 npm CRITICAL GHSA Act Now

Prototype pollution in query-string-parser 1.0.0 enables remote unauthenticated attackers to inject malicious properties into JavaScript object prototypes via crafted query parameters, achieving arbitrary code execution, privilege escalation, or denial of service in Node.js applications. CVSS 9.8 critical severity with network attack vector and no authentication required. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability despite critical rating. Publicly available proof-of-concept exists (GitHub Gist), but no CISA KEV listing confirms active exploitation. SSVC framework rates this as automatable with total technical impact but currently unexploited, suggesting opportunistic future risk rather than immediate widespread targeting.

Node.js Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-63703 npm CRITICAL GHSA Act Now

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().

Node.js Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-42264 npm CRITICAL PATCH GHSA Act Now

Prototype pollution read-side gadgets in the axios HTTP adapter (npm, versions >=1.0.0 to <1.15.2) allow an attacker who has already polluted Object.prototype in the same Node.js process to hijack every outbound request - injecting attacker-controlled Authorization headers, redirecting relative-URL requests to an external server, pointing requests at internal Unix sockets (SSRF/container escape), forcing Node's insecure HTTP parser, and even executing an attacker-supplied beforeRedirect callback. The flaw stems from five config properties (auth, baseURL, socketPath, beforeRedirect, insecureHTTPParser) being read via direct property access that traverses the prototype chain, unlike eight sibling properties already guarded by an own() helper. A working proof-of-concept is published in the GHSA advisory, but EPSS is only 0.03% and the issue is not in CISA KEV - no public exploit identified at time of analysis as a standalone attack, and it requires a separate prototype pollution primitive to fire.

SSRF RCE Prototype Pollution Docker Node.js
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-42077 npm MEDIUM PATCH This Month

Prototype pollution in EvoMap Evolver versions prior to 1.69.3 allows local attackers with high privileges to inject malicious properties into Object.prototype via unfiltered Object.assign() calls in the mailbox store module, potentially modifying the behavior of all JavaScript objects and causing information disclosure or denial of service. The vulnerability requires file system write access to the messages.jsonl persistence file and high privileges, limiting real-world exploitability to insider or local compromise scenarios.

Prototype Pollution Code Injection
NVD GitHub
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-42232 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in n8n's XML node allows authenticated workflow editors to achieve remote code execution through global prototype manipulation. The vulnerability affects n8n workflow automation platform versions prior to 1.123.32, 2.17.4, and 2.18.1, enabling attackers with workflow creation privileges to inject malicious properties into JavaScript object prototypes that can be exploited by other nodes to execute arbitrary code. Vendor-released patches are available for all affected version branches. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the CVSS 10.0 score reflects the critical scope change and complete system compromise potential.

Prototype Pollution Information Disclosure
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.1%
CVE-2026-42231 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in n8n's XML webhook parser (xml2js library) enables remote code execution when chained with Git node SSH operations. Authenticated users with workflow editing permissions can inject malicious XML payloads to pollute JavaScript object prototypes, then leverage the polluted prototype in Git node operations to execute arbitrary code on the n8n host server. GitHub advisory GHSA-q5f4-99jv-pgg5 confirms patches available in versions 1.123.32, 2.17.4, and 2.18.1. No CISA KEV listing or public POC identified at time of analysis, but the CVSS 10.0 score appears inconsistent with the authenticated (PR:L expected) nature described in the advisory.

RCE Prototype Pollution
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2026-42033 npm HIGH POC PATCH GHSA This Week

Prototype pollution in Axios HTTP client versions before 1.15.1 and 0.31.1 enables silent interception and modification of all JSON responses or complete HTTP transport hijacking when the JavaScript Object.prototype has been polluted by a co-dependency. This vulnerability requires a separate prototype pollution source within the same Node.js process but requires no authentication once that precondition exists. An attacker can then access credentials, headers, and request bodies across the application. EPSS data not available; no public exploit identified at time of analysis.

Node.js Information Disclosure Prototype Pollution Axios
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-6621 MEDIUM POC This Month

Prototype pollution in extend-deep npm package (up to 0.1.6) enables remote attackers to manipulate JavaScript object prototypes via crafted __proto__ payloads, achieving low-severity confidentiality, integrity, and availability impacts. Public exploit code exists on GitHub. CVSS 7.3 with network attack vector and no authentication required. Project repository inactive for years, making official patch unlikely. EPSS data unavailable, but prototype pollution attacks are well-understood and automatable. Not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-6594 npm MEDIUM POC This Month

Prototype pollution in brikcss merge library versions 1.0 through 1.3.0 enables remote unauthenticated attackers to inject malicious properties into JavaScript Object prototypes via crafted __proto__, constructor.prototype, or prototype arguments, potentially leading to information disclosure, authentication bypass, or denial of service. Publicly available exploit code exists (GitHub PoC from sudo-secure). CVSS 7.3 with network vector and no authentication required. Vendor unresponsive to disclosure attempts.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-34622 HIGH This Week

Prototype pollution in Adobe Acrobat Reader allows arbitrary code execution when victims open malicious PDF files. Affects Acrobat Reader versions through 26.001.21411, 24.001.30360, and 24.001.30362. Attack requires local file access with user interaction (CVSS AV:L/UI:R) but achieves scope change and full CIA impact (S:C/C:H/I:H/A:H), yielding CVSS 8.6. No public exploit identified at time of analysis. Vendor advisory available from Adobe (APSB26-44). EPSS data not provided; exploitation status limited to user-interaction-dependent local attack vector.

Prototype Pollution Adobe RCE
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-34626 MEDIUM This Month

Prototype pollution in Adobe Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier allows arbitrary file system read operations in the context of the current user when a victim opens a malicious PDF or document. The vulnerability requires user interaction but enables confidentiality compromise with high impact; no active exploitation confirmed but the attack surface is broad given Acrobat Reader's ubiquity in document handling.

Prototype Pollution Adobe Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-34621 HIGH POC KEV THREAT NEWS Act Now

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. CVSS 9.6 (Critical) reflects network-deliverable code execution with scope change, though EPSS 0.24% (46th percentile) suggests moderate real-world exploitation probability. No public exploit identified at time of analysis.

Prototype Pollution RCE Adobe
NVD VulDB GitHub
CVSS 3.1
8.6
EPSS
0.2%
Threat
4.7
CVE-2026-40190 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in the LangSmith JavaScript/TypeScript SDK (npm 'langsmith', versions <= 0.5.17) lets an attacker who controls object keys passed to the createAnonymizer() API pollute Object.prototype for the entire Node.js process. The internally vendored lodash set() utility guards only the __proto__ key and misses the constructor.prototype traversal path, so a crafted key like 'constructor.prototype.polluted' bypasses the fix. Publicly available exploit code exists (SSVC 'poc' plus regression tests in the fix PR), but EPSS is only 0.04% with no evidence of active exploitation; notably the vendor GHSA rates this Medium (~CVSS 5.6), conflicting sharply with the NVD 9.8.

Information Disclosure Node.js Prototype Pollution Langsmith Sdk
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-35209 npm HIGH PATCH GHSA This Week

Prototype pollution in defu npm package (≤6.1.4) allows remote attackers to override application logic by injecting __proto__ keys through unsanitized user input. The vulnerability enables authentication bypass and arbitrary property injection when applications merge untrusted JSON, database records, or configuration data using defu(). CVSS 7.5 (High) with network-accessible, low-complexity exploitation requiring no authentication. No active exploitation confirmed (not in CISA KEV), but public proof-of-concept exists in the GitHub advisory demonstrating admin privilege escalation.

Prototype Pollution Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2950 npm MEDIUM PATCH GHSA This Month

Prototype pollution in Lodash 4.17.23 and earlier allows unauthenticated remote attackers to delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) via array-wrapped path segments in _.unset and _.omit functions, bypassing the incomplete fix for CVE-2025-13465. The vulnerability has a CVSS score of 6.5 with low integrity and availability impact; no public exploit code or active exploitation has been confirmed at time of analysis.

Prototype Pollution Authentication Bypass Red Hat
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34221 npm HIGH PATCH GHSA This Week

Prototype pollution in MikroORM's Utils.merge function allows attackers to modify JavaScript object prototypes when applications pass untrusted user input into ORM operations. Affects @mikro-orm/core npm package, enabling denial of service and potentially SQL injection when polluted properties influence query construction. No public exploit identified at time of analysis, though GitHub security advisory published by the project maintainers confirms the vulnerability class (CWE-1321).

Prototype Pollution Denial Of Service SQLi
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-33994 npm MEDIUM PATCH This Month

Prototype pollution in locutus npm package version 2.0.39 through 3.0.24 allows remote attackers to bypass `Object.prototype` pollution guards via a crafted query string passed to the `parse_str` function, enabling authentication bypass, denial of service, or remote code execution in chained attack scenarios where `RegExp.prototype.test` has been previously compromised. Publicly available exploit code exists demonstrating the vulnerability; vendor-released patch available in version 3.0.25.

PHP Denial Of Service Node.js Prototype Pollution Authentication Bypass +2
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-33993 npm MEDIUM PATCH This Month

Prototype pollution in the locutus npm package's unserialize() function allows remote attackers to inject arbitrary properties into deserialized objects by crafting malicious PHP-serialized payloads containing __proto__ keys, enabling authorization bypass, property propagation attacks, and denial of service via method override. The vulnerability affects locutus versions prior to 3.0.25; publicly available exploit code exists demonstrating property injection, for-in propagation to real own properties, and built-in method disruption.

PHP Node.js Prototype Pollution Deserialization Denial Of Service +1
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-33864 npm CRITICAL PATCH NEWS Act Now

Prototype pollution in convict npm package version 6.2.4 allows attackers to bypass previous security fixes and pollute Object.prototype through crafted input that manipulates String.prototype.startsWith. The vulnerability affects applications processing untrusted input via convict.set() and can lead to authentication bypass, denial of service, or remote code execution if polluted properties reach dangerous sinks like eval or child_process. A working proof-of-concept exploit demonstrating the bypass technique exists in the advisory.

Mozilla Node.js Prototype Pollution RCE Denial Of Service +1
NVD GitHub
EPSS
0.8%
CVE-2026-33863 npm CRITICAL PATCH Act Now

Prototype pollution in Mozilla's node-convict configuration library allows attackers to inject properties into Object.prototype via two unguarded code paths: config.load()/loadFile() methods that fail to filter forbidden keys during recursive merge operations, and schema initialization accepting constructor.prototype.* keys during default-value propagation. Applications using node-convict (pkg:npm/convict) that process untrusted configuration data face impacts ranging from authentication bypass to remote code execution depending on how polluted properties propagate through the application. This represents an incomplete fix for prior prototype pollution issues (GHSA-44fc-8fm5-q62h), with no public exploit identified at time of analysis.

Mozilla Node.js Prototype Pollution RCE Authentication Bypass
NVD GitHub
EPSS
0.0%
CVE-2026-33672 npm MEDIUM PATCH This Month

picomatch is vulnerable to a method injection vulnerability (CWE-1321) in its POSIX_REGEX_SOURCE object that allows specially crafted POSIX bracket expressions like [[:constructor:]] to reference inherited Object.prototype methods, causing these methods to be stringified and injected into generated regular expressions. This affects all versions of the npm package picomatch prior to 2.3.2, 3.0.2, and 4.0.4, and can cause incorrect glob matching behavior leading to integrity violations where patterns match unintended filenames; while this does not enable remote code execution, it can compromise security-relevant logic in applications using glob matching for filtering, validation, or access control. The vulnerability is not listed in CISA KEV and has no widely published proof-of-concept, but patches are available from the vendor.

RCE Prototype Pollution Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-33696 npm CRITICAL POC PATCH NEWS Act Now

A prototype pollution vulnerability in the XML and GSuiteAdmin nodes of n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to achieve remote code execution. Versions prior to 2.14.1, 2.13.3, and 1.123.27 are affected. The CVSS score of 9.4 (Critical) reflects network-based exploitation with low complexity requiring only low-level authentication, though no current KEV listing or public POC availability is indicated in the provided intelligence.

Prototype Pollution RCE
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2026-33228 npm HIGH PATCH This Week

Prototype pollution in the flatted npm library (versions <= 3.4.1) lets an attacker who controls input to the parse() function leak a live reference to Array.prototype into the returned object, so any later write to that property poisons the global prototype chain. The flaw stems from parse() using attacker-supplied JSON string values such as "__proto__" as raw array index keys without numeric validation. Publicly available exploit code exists (a three-line proof of concept in the GitHub Security Advisory), though EPSS is only 0.01% (2nd percentile) and it is not in CISA KEV.

RCE Denial Of Service Prototype Pollution
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-27524 npm LOW PATCH Monitor

OpenClaw versions prior to 2026.2.21 are vulnerable to prototype pollution attacks via the /debug set endpoint, allowing authenticated attackers to inject reserved prototype keys (__proto__, constructor, prototype) and manipulate object prototypes to bypass command gate restrictions. The vulnerability requires authenticated access and has relatively low real-world exploitability due to high attack complexity, but presents a meaningful integrity risk for authorized users who may not be aware of this attack vector. A patch is available from the vendor.

Authentication Bypass Prototype Pollution
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2026-32886 npm HIGH PATCH This Week

Parse Server is vulnerable to denial of service when remote attackers craft malicious cloud function names that exploit prototype chain traversal, allowing them to trigger stack overflows and crash the server process. The vulnerability stems from improper property lookup restrictions during function name resolution. A patch is available that limits lookups to own properties only.

Prototype Pollution Denial Of Service
NVD GitHub VulDB
EPSS
0.0%
CVE-2026-31865 npm MEDIUM PATCH This Month

Elysia (npm package, versions prior to 1.4.27) is vulnerable to prototype pollution through maliciously crafted cookie names, allowing unauthenticated attackers to override application cookie values and potentially inject arbitrary data into the application's object prototype. With a CVSS score of 6.5 and network-accessible attack vector requiring no privileges or user interaction, attackers can manipulate cookie handling to gain limited information disclosure and integrity compromise. A proof-of-concept exploit demonstrating the `__proto__` injection vector exists in the GitHub advisory.

Code Injection Prototype Pollution
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4239 LOW POC Monitor

A vulnerability was found in Lagom WHMCS Template up to 2.3.7.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-32621 npm CRITICAL PATCH Act Now

Prototype pollution in Apollo Federation before multiple versions.

Information Disclosure Prototype Pollution
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-30226 npm HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29063 npm HIGH PATCH GHSA This Week

Immutable.js provides many Persistent Immutable data structures. versions up to 3.8.3 is affected by improperly controlled modification of object prototype attributes (prototype pollution).

Prototype Pollution Information Disclosure Immutable
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-25754 npm HIGH PATCH This Week

AdonisJS is a TypeScript-first web framework. versions up to 10.1.3 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.2).

Prototype Pollution Information Disclosure Bodyparser
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-25521 npm CRITICAL POC PATCH Act Now

Prototype pollution in the Locutus JavaScript library (npm package, versions >= 2.0.12 and < 2.0.39) lets attacker-influenced input passed to the php.strings.parse_str function pollute Object.prototype, bypassing a prior guard. The earlier fix rejected forbidden keys using String.prototype.includes(), but an attacker able to override that method - or supply crafted keys such as constructor[prototype][polluted]=yes - defeats the check; publicly available exploit code exists in the GHSA advisory. EPSS exploitation probability is very low (0.01%, 1st percentile), it is not on CISA KEV, and no public exploit is identified as active in the wild.

Locutus Information Disclosure Prototype Pollution
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-61140 npm CRITICAL PATCH Act Now

jsonpath library 1.1.1 has a prototype pollution vulnerability in the value function that allows attackers to modify JavaScript object prototypes and potentially achieve RCE.

Jsonpath Information Disclosure Prototype Pollution
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13465 npm MEDIUM POC PATCH CISA This Month

Lodash versions up to 4.17.22 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 5.3).

Information Disclosure Prototype Pollution Lodash
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
Threat
4.9
CVE-2025-13204 npm HIGH POC PATCH This Month

npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Prototype Pollution RCE Javascript Expression Evaluator Red Hat
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-64718 npm MEDIUM PATCH This Month

js-yaml is a JavaScript YAML parser and dumper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Js Yaml Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-3193 npm HIGH POC PATCH This Week

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Code Injection Algoliasearch Helper Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-26278 npm HIGH POC This Week

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57324 npm MEDIUM POC PATCH This Month

parse is a package designed to parse JavaScript SDK. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Parse Javascript Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-57320 npm MEDIUM POC This Week

json-schema-editor-visual is a package that provides jsonschema editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Json Schema Editor Visual
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-57318 npm HIGH POC This Week

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Csvjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57329 npm HIGH POC This Month

web3-core-method is a package designed to creates the methods on the web3 modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Web3 Core Method
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57328 npm HIGH POC This Month

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Toggle Array
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57327 npm HIGH POC This Week

spmrc is a package that provides the rc manager for spm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Spmrc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57326 npm HIGH POC This Week

A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Sassdoc Extras
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57325 npm HIGH POC PATCH This Week

rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Rollbar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57323 npm HIGH POC This Week

mpregular is a package that provides a small program development framework based on RegularJS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Mpregular
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVSS 3.7
LOW PATCH Monitor

The `_.merge(target, source)` utility exported by `@feathersjs/commons` recursively merges `source` into `target` by iterating `Object.keys(source)`. When `source` was produced by `JSON.parse` and contains a `__proto__` (or `constructor` / `prototype`) key, that key is returned as an own-enumerable property. The recursive merge then resolves `target['__proto__']` to `Object.prototype` and writes the attacker-supplied properties onto it, polluting the prototype for all plain objects in the process for the lifetime of the Node process. **Scope of real-world risk is limited.** No first-party Feathers package routes input - trusted or untrusted - through `commons._.merge`. The `@feathersjs/authentication` package, which does merge request-influenced data, uses `lodash/merge` (prototype-pollution-safe since 4.17.12), not this utility. Exploitation therefore requires a downstream plugin or application to pass JSON-parsed, attacker-controlled input directly through the exported `_.merge`. Fixed in `@feathersjs/commons@5.0.45`. The fix skips `__proto__`, `constructor`, and `prototype` keys during iteration - the standard remediation used by lodash and others. Avoid passing JSON-parsed untrusted input through `commons._.merge`. Freezing `Object.prototype` or validating/sanitizing keys upstream also mitigates. Reported responsibly by Andrew Ridings (@ridingsa).

Prototype Pollution Information Disclosure
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to version 2.3.1 is able to mitigate this issue. The name of the patch is e46af9879b7627934ea4d6d6e46e65cea53abb3d. The affected component should be upgraded.

Prototype Pollution Information Disclosure Tamagui
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Prototype pollution in compromise (spencermountain/compromise) through version 14.15.1 exposes all JavaScript applications using the library to Object.prototype contamination via the nlp.extend() Public Root API. A low-privileged remote attacker who can supply a crafted plugin argument containing __proto__, constructor, or prototype keys can inject properties into the global Object.prototype, producing partial confidentiality, integrity, and availability impact across the Node.js runtime. A public exploit exists via GitHub issue #1208, a vendor patch has been released (commit b4644ab7), and no CISA KEV listing has been confirmed at time of analysis.

Prototype Pollution Information Disclosure Compromise
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Prototype pollution in kofrasa mingo up to version 7.2.1 allows low-privileged remote attackers to corrupt JavaScript Object.prototype by supplying `__proto__` as a field selector in `$set`, `updateOne`, or `updateMany` operations, injecting arbitrary properties into all objects within the Node.js process. Proof-of-concept exploit code exists (CVSS 4.0 E:P), and successful exploitation can cascade to application-wide privilege logic bypass, information disclosure, or denial of service depending on how the host application relies on inherited object properties. Vendor-released patch version 7.2.2 is confirmed available.

Prototype Pollution Information Disclosure Mingo
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Prototype pollution in svg.js (svgdotjs) up to version 3.2.5 allows a remote low-privileged attacker to inject arbitrary properties into JavaScript's shared Object.prototype via the EventTarget.on function of the npm package API. Depending on how consuming applications perform property lookups, this can lead to information disclosure, logic bypass, or integrity violations across the entire JavaScript runtime. No vendor patch exists - the maintainer has not responded to the responsible disclosure - and a proof-of-concept exists (CVSS E:P), though no confirmed active exploitation appears in CISA KEV.

Prototype Pollution Node.js Information Disclosure +1
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Prototype pollution in TanStack DB's select() query compiler allows low-privileged remote attackers to mutate Object.prototype by supplying dot-notation alias paths containing reserved JavaScript property names such as __proto__, prototype, or constructor. Versions up to 0.6.8 are confirmed affected via CPE cpe:2.3:a:tanstack:db. A publicly available exploit exists (GitHub issue #1584), though the vulnerability is not in CISA KEV. The CVSS 4.0 base score of 2.1 reflects low integrity impact scoped to the vulnerable system, but the downstream consequences of Object.prototype mutation in JavaScript runtimes can exceed what raw scoring conveys depending on application logic.

Information Disclosure Prototype Pollution Db
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Prototype pollution in antv layout 2.0.0 exposes JavaScript runtimes to object prototype manipulation via the `setNestedValue` function in `lib/util/object.js`, where a crafted `path` argument can inject arbitrary properties into the global Object prototype. The CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-reachable exploitation requiring low-privilege authentication, with limited but real confidentiality, integrity, and availability impact depending on how downstream application code consumes polluted prototype properties. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, the vendor has not responded to the responsible disclosure filed via GitHub issue #292, leaving no patch timeline available.

Information Disclosure Prototype Pollution Layout
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM Monitor

Prototype pollution in PrimeReact (all versions through 10.9.8) allows authenticated remote attackers to improperly modify JavaScript object prototype attributes via the ObjectUtils.mutateFieldData API function by crafting malicious Field argument values. Affected deployments face limited confidentiality and integrity exposure at the vulnerable system level. No patch has been issued - the maintainer has not responded to responsible disclosure, and the affected version range is officially end-of-life. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Prototype Pollution Primereact
NVD VulDB GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Prototype pollution in Hono before 4.12.7 enables unauthenticated remote attackers to inject properties into JavaScript's Object.prototype by submitting crafted form field names containing '__proto__' keys when the 'dot' option is enabled in parseBody. Exploitation is conditional - it further requires that application code merges parsed body output into plain JavaScript objects using unsafe merge patterns - but when both conditions are present, attackers can silently alter inherited object behavior across the entire runtime, potentially bypassing authorization checks or leaking sensitive data. No public exploit code or CISA KEV listing exists at time of analysis; the CVSS 4.0 score of 6.3 reflects limited impact and the attack prerequisite of the non-default dot option being enabled.

Information Disclosure Prototype Pollution Hono
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Privilege escalation via prototype pollution in n8n workflow automation lets an authenticated low-privilege user (holding the default workflow:create permission) corrupt Object.prototype through a crafted workflow saved, updated, or imported via the workflow API. Once polluted, subsequent unauthenticated requests are evaluated as a privileged user, exposing internal user and project listing endpoints. This is an information-disclosure and access-control flaw with no public exploit identified at time of analysis; CVSS 4.0 base score is 7.1.

Information Disclosure Prototype Pollution N8n
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Prototype pollution in the enquirer npm package (versions up to 2.4.1) allows remote authenticated attackers to manipulate JavaScript Object.prototype attributes by injecting a crafted value into the question.name argument of the Enquirer.set() function. The vulnerability carries a low CVSS 4.0 score of 2.1, reflecting limited integrity-only impact scoped to the vulnerable system with no confidentiality or availability consequence. Publicly available exploit code exists via GitHub issue #487, though no active exploitation has been confirmed in CISA KEV.

Information Disclosure Prototype Pollution Enquirer
NVD VulDB GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Prototype pollution in protobuf.js versions 8.2.0 through 8.6.4 allows network-reachable attackers to corrupt JavaScript object prototype chains via the Text Format extension, by supplying a map entry whose key is the reserved JavaScript token `__proto__`, causing the parser to overwrite the prototype of the returned map object instead of creating a literal own-property entry. Exploitation is constrained by high attack complexity - only applications explicitly using the optional `/ext/textformat` module and parsing attacker-controlled input are affected - and real-world impact is limited to partial confidentiality and integrity effects in downstream code that inherits or enumerates poisoned prototype properties. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Information Disclosure Prototype Pollution Protobuf Js
NVD GitHub VulDB
CVSS 4.8
MEDIUM PATCH This Month

Prototype pollution in @hey-api/openapi-ts affects all versions through 0.97.2, allowing remote unauthenticated attackers to substitute the prototype chain of the returned params slot object by passing a crafted key such as '$query___proto__' through any application that forwards user-supplied parameters to a generated SDK method. The flaw resides in a runtime template (dist/clients/core/params.ts) that is copied verbatim into every generated SDK, meaning every downstream npm package regenerated from this tool carries the vulnerable code - confirmed affected consumers include @opencode-ai/sdk and @trigger.dev/sdk. A functional proof-of-concept is publicly available; exploitation is not confirmed as actively exploited and is absent from CISA KEV.

Node.js Docker Code Injection +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Prototype Pollution in Jodit Editor (versions prior to 4.12.18) allows network-reachable attackers to mutate Object.prototype by supplying crafted configuration payloads to Jodit.configure(), exploiting unfiltered merging in the internal ConfigMerge and ConfigProto helpers. Specifically, keys such as __proto__ or constructor nested inside legitimate option namespaces like controls can propagate to the global JavaScript prototype chain, corrupting runtime behavior for all JavaScript executing in the same environment. No public exploit is identified at time of analysis and the vulnerability is not listed in CISA KEV; however, exploitation is contingent on the host application forwarding user-controlled input into Jodit.configure(), a pattern common in configurable WYSIWYG deployments.

Information Disclosure Prototype Pollution Jodit
NVD GitHub
CVSS 8.6
HIGH PATCH This Week

{} literals. No public exploit identified at time of analysis, but the high CVSS (8.6) and trivial exploitation make this a priority for affected deployments.

RCE Prototype Pollution
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Prototype pollution in JetBrains YouTrack's websandbox bridge (all versions before 2026.2.16593) lets an attacker who can reach the sandbox boundary corrupt JavaScript Object.prototype, potentially escaping the sandbox or disclosing information. The flaw was internally reported by JetBrains and classed as CWE-1321; it carries a vendor-published CVSS of 9.8, but no public exploit has been identified at time of analysis and EPSS rates exploitation probability low at 0.40% (32nd percentile).

Information Disclosure Prototype Pollution Youtrack
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

{ output: 'object' })`, the Expand API, and the transform lifecycle, and is most dangerous when Style Dictionary runs inside a Node.js server that ingests untrusted tokens. No public exploit identified at time of analysis and CISA has not listed it in KEV.

Prototype Pollution Information Disclosure Style Dictionary
NVD GitHub
CVSS 9.1
CRITICAL PATCH Act Now

Prototype pollution in the npm package scim-patch (versions <= 0.9.0) allows authenticated SCIM provisioning clients to mutate Object.prototype process-wide by submitting a PATCH operation whose value object contains a key such as `__proto__.someProp` or `constructor.prototype.someProp`. Because the side effect persists for the lifetime of the Node process and leaks into every plain object, downstream code that checks flags like `req.user.isAdmin` against unpolluted plain objects can suffer privilege escalation, logic bypass, or denial of service. Publicly available exploit code exists (proof-of-concept in the GHSA advisory and now in the package's test suite); no public exploit identified as in-the-wild use at time of analysis.

Prototype Pollution Privilege Escalation Node.js
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Prototype pollution in deepstream.io versions prior to 10.0.5 allows an authenticated client with write permission to any record to corrupt the Node.js Object prototype by submitting record-update messages whose path contains tokens such as __proto__, constructor, or prototype. Because deepstream's permission valve and record-transition pipeline both invoke setValue with the attacker-controlled path, polluting the prototype can taint subsequent permission and transition logic and lead to privilege escalation across all connected clients. No public exploit identified at time of analysis, though the upstream commit (54b8e29) and patch tests publicly demonstrate the exact vulnerable path semantics.

Prototype Pollution Privilege Escalation Deepstream Io
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Prototype pollution in the Jodit WYSIWYG editor npm package (versions < 4.12.26) allows mutation of Object.prototype via the public helper API Jodit.modules.Helpers.set(). When an application passes user-controlled or partially user-controlled key paths to this function, an attacker can inject arbitrary properties into the global Object.prototype, enabling logic bypass, denial of service, or secondary security issues throughout the entire JavaScript runtime. A proof-of-concept is publicly available in the GitHub advisory (GHSA-vpmm-x3fm-qr5c); no public exploit identified at time of analysis beyond this PoC, and no CISA KEV listing exists.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

Sandbox escape via prototype pollution in ThingsBoard (versions prior to v4.3.1.2) allows a TENANT_ADMIN-authenticated user to achieve arbitrary code execution within the tb-js-executor sandboxed JavaScript context. The flaw lets a rule-chain script reach the host realm through the `args.constructor.constructor` chain (e.g., synthesizing a Function that returns `process`), defeating the intended VM isolation. No public exploit identified at time of analysis, though the upstream regression test in PR #15600 effectively documents the escape technique.

Prototype Pollution RCE Thingsboard
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Denial of service in n8n workflow automation platform (versions prior to 2.24.0) allows an authenticated user with workflow create/edit permissions to trigger global prototype pollution via a crafted table parameter in the Microsoft SQL node. The pollution of Object.prototype persists for the lifetime of the n8n process, causing application-wide validation failures until the server is restarted. No public exploit identified at time of analysis, though the vendor advisory provides clear technical detail.

Prototype Pollution Microsoft Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Prototype pollution in n8n's internal webhook object-copying routine enables unauthenticated network attackers to inject attacker-controlled fields into workflow execution data, turning affected workflows into confused deputies that abuse the workflow owner's stored credentials. Affected npm package versions span all n8n releases below 2.25.7 and the 2.26.0-2.26.1 range; vendor-confirmed patches are available. Exploitation is constrained by a specific workflow topology requirement, but where that topology exists the impact extends beyond n8n itself to external systems reachable via the owner's configured credentials - a scope change that the CVSS S:C metric appropriately captures. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Prototype Pollution Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.prototype by submitting dotted request-body keys such as '__proto__.polluted' to the missingKeyHandler. The 3.9.3 denylist blocked only literal unsafe keys; downstream backends (notably i18next-fs-backend ≤ 2.6.5) that split missing-key strings on the configured keySeparator then walked these segments into an unguarded setPath(). No public exploit identified at time of analysis, but PoC payloads are embedded in the upstream security test suite.

Prototype Pollution Node.js Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Prototype pollution in i18next-fs-backend versions prior to 2.6.6 allows remote attackers to write arbitrary properties onto Object.prototype by submitting crafted missing-translation keys such as '__proto__.polluted' to applications that expose i18next-http-middleware's missingKeyHandler to untrusted input. Backend.writeFile() split keys on the configured keySeparator (default '.') and the getLastOfPath walker in lib/utils.js did not filter unsafe segments before traversing the target object. No public exploit identified at time of analysis, but a coordinated-disclosure advisory (GHSA-2933-q333-qg83) and a fixing commit are public, and downstream impact can include denial of service, configuration poisoning, and bypass of property-based security checks.

Prototype Pollution Denial Of Service I18Next Fs Backend
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Prototype pollution in RubyLouvre Avalon's Template Filter Handler (src/filters/index.js) allows remote unauthenticated attackers to modify JavaScript Object.prototype attributes by supplying crafted template filter input. All versions through 2.2.10 are affected per the CPE range cpe:2.3:a:rubylouvre:avalon:*:*:*:*:*:*:*:*. No vendor patch exists - the maintainer did not respond to coordinated disclosure - and a public exploit is available on GitHub (OriginSecurityX/avalon-filter-rce), which the repository title characterizes as capable of remote code execution, a materially more severe claim than the CVSS 4.0 VI:L rating assigned by the reporter.

Prototype Pollution Information Disclosure Avalon
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Prototype pollution in jsonata-js (all versions up to 2.2.0) allows remote unauthenticated attackers to inject arbitrary properties into JavaScript's Object.prototype via the createFrame function in src/jsonata.js. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) with exploitation status E:P confirms this is network-exploitable with zero prerequisites, and a public proof-of-concept has been published on GitHub demonstrating a hasOwnProperty guard bypass. No patch exists - the vendor failed to respond to coordinated disclosure - leaving all users of jsonata ≤ 2.2.0 indefinitely exposed.

Prototype Pollution Information Disclosure Jsonata +1
NVD VulDB GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Prototype pollution in ApostropheCMS versions up to and including 4.30.0 allows an authenticated editor to poison Object.prototype via the $pullAll patch operator, ultimately bypassing authorization on all piece-type REST API endpoints for unauthenticated requests until the Node.js process restarts. The flaw stems from apos.util.set() failing to sanitize __proto__ in dot-notation paths, and no public exploit identified at time of analysis but the advisory describes a confirmed exploitation gadget in publicApiCheck(). No vendor-released patch identified at time of analysis, making this an open-window risk for any internet-exposed editor account.

Prototype Pollution Authentication Bypass Node.js +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial-of-service and HTTP header injection in the axios npm package (>=1.0.0,<1.16.0 and <=0.31.1) arise from two read-side prototype-pollution gadgets in lib/utils.js merge() and lib/core/mergeConfig.js, allowing a polluted Object.prototype (typically from an upstream dependency such as lodash CVE-2018-16487) to inject arbitrary outbound headers or crash every axios call with a synchronous TypeError. Publicly available exploit code exists in the GHSA advisory PoC, but EPSS is only 0.04% (13th percentile) and SSVC marks Automatable=no with partial technical impact, so this is a credible secondary-gadget risk rather than a mass-exploitation target.

Denial Of Service Prototype Pollution Red Hat
NVD GitHub VulDB
EPSS 0%
HIGH PATCH This Week

Prototype pollution in @nevware21/ts-utils versions <= 0.13.0 allows attackers to corrupt the global Object prototype by passing crafted JSON containing a __proto__ key to objDeepCopy or objCopyProps. The flaw resides in the _copyProps helper, which iterates source properties with for...in without hasOwnProperty filtering and does not block dangerous keys. Publicly available exploit code exists via the vendor's GHSA proof-of-concept, though no public exploit identified at time of analysis beyond the disclosure PoC, and no KEV listing.

Information Disclosure Prototype Pollution
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cookie-attribute injection in js-cookie versions 3.0.5 and earlier allows remote attackers to override security-relevant Set-Cookie attributes (domain, secure, samesite, expires, path) by supplying a JSON-derived attributes object containing a __proto__ key. Publicly available exploit code exists in the GHSA-qjx8-664m-686j advisory demonstrating per-instance prototype hijack via the assign() helper. No active exploitation has been observed, and the issue is fixed in 3.0.7.

Ubuntu Node.js Prototype Pollution +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Prototype pollution in MongoDB Compass's CSV import parsing logic creates a '1-click' command execution path across versions 1.36.x through 1.49.5. A crafted CSV file can pollute JavaScript object prototypes during the import workflow, causing untrusted file paths to reach Electron's shell.openExternal() API and be executed by the operating system's default handler. No public exploit code has been identified and this CVE is absent from CISA KEV, but the passive user-interaction requirement - simply importing a CSV as part of routine database work - makes targeted social engineering a credible delivery vector in data-heavy environments.

Information Disclosure Prototype Pollution
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Prototype pollution in the @tmlmobilidade/utils npm package allows remote unauthenticated attackers to inject properties into Object.prototype via the setValueAtPath() helper, leading to integrity compromise and partial availability impact in any downstream application that passes user-influenced paths into the function. The flaw is rated CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) and is fixed in version 20260509.0340.15; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Prototype Pollution
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Prototype pollution in the npm package parse-nested-form-data version 1.0.0 and earlier allows unauthenticated remote clients to mutate Object.prototype of the running Node.js process by submitting a FormData field whose name contains __proto__ in bracket or dot notation. The flaw resides in handlePathPart in src/index.ts, which walks nested path segments without filtering reserved keys, so a single crafted field name pollutes the prototype chain of every plain object in the process. No public exploit identified at time of analysis, but a working proof-of-concept is published in the GHSA advisory itself.

Path Traversal Node.js Prototype Pollution +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Prototype pollution in the npm package form-data-objectizer (<= 1.0.0) lets unauthenticated remote attackers mutate Object.prototype by submitting a single HTTP form field whose name uses bracket notation such as __proto__[polluted] or constructor[prototype][polluted]. The defect lives in treatInitial/treatSecond inside index.cjs, where an 'in' check walks the prototype chain and lets the parser write to inherited properties. CVSS is 8.2 (High) with Integrity:High; publicly available exploit code exists (working PoC published in the GHSA advisory), but there is no public exploit identified as being used in attacks and no CISA KEV listing.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Prototype pollution in the jsondiffpatch JavaScript library before 0.7.6 allows attackers to modify Object.prototype by supplying crafted delta documents to jsondiffpatch.patch() or JSON Patch documents to the jsonpatch formatter's patch() API. Because attacker-controlled key names and JSON Pointer path segments were used to traverse and mutate objects without filtering __proto__, constructor, or prototype, any application that feeds untrusted diffs into the library can have global object behavior tampered with. A public POC exists in the Snyk advisory and an accompanying gist, but there is no public exploit identified at time of analysis (not on CISA KEV).

Prototype Pollution Information Disclosure Jsondiffpatch
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Prototype pollution in @ranfdev/deepobj npm package (versions ≤1.0.2) allows remote unauthenticated attackers to modify JavaScript object prototypes when property paths containing '__proto__', 'constructor', or 'prototype' are processed. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates trivial exploitation against network-accessible applications, though real-world impact depends critically on whether user-controlled input is passed to property path parameters. EPSS data unavailable; not listed in CISA KEV. Publicly available exploit code exists (GitHub advisory GHSA-x7q7-fchv-8h2j). Vendor-released patch available in version 1.0.3.

Information Disclosure Prototype Pollution
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Remote code execution in n8n workflow automation platform is possible via a prototype pollution patch bypass in the XML node, affecting versions prior to 1.123.43, 2.20.7, and 2.22.1. Authenticated users with workflow creation or modification permissions can bypass the prior fix for GHSA-hqr4-h3xv-9m3r and, by chaining the XML node with other nodes, achieve code execution on the n8n host. No public exploit identified at time of analysis, though EPSS is low (0.05%) suggesting limited near-term mass exploitation despite the high CVSS 4.0 score of 9.4.

Authentication Bypass Prototype Pollution
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Prototype pollution leading to remote code execution in n8n workflow automation platform allows authenticated users with workflow create/modify permissions to corrupt the global Object prototype via an unvalidated pagination parameter in the HTTP Request node. Affecting n8n versions before 1.123.43, 2.20.7, and 2.22.1, the flaw chains with other techniques to escalate to full instance compromise. No public exploit identified at time of analysis, with EPSS at 0.05% (16th percentile) indicating low observed exploitation interest despite CVSS 4.0 9.4 critical rating.

Information Disclosure Prototype Pollution
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Prototype injection in protobufjs generated message constructors allows attackers controlling plain objects passed to message constructors to modify the prototype chain of individual message instances via an enumerable `__proto__` property. Affects protobufjs versions 7.5.5 and earlier, and 8.0.0-8.0.1. This is a per-instance prototype pollution issue (not global) with impact dependent on downstream application behavior such as inherited property reliance or `instanceof` checks. No active exploitation confirmed; no public exploit identified at time of analysis.

RCE Prototype Pollution
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Prototype pollution in protobufjs allows denial of service through corrupted JavaScript built-ins when parsing untrusted schemas. Attackers who control protobuf schemas or JSON descriptors can write to inherited object properties on global constructors, causing process-wide state corruption that persists until restart. CVSS 7.5 (High) with network vector and no authentication required, but real-world risk is limited to applications parsing schemas from untrusted sources-applications only decoding untrusted message payloads with trusted schemas are not affected. Vendor-released patches available: v7.5.6 and v8.0.2. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.

Denial Of Service RCE Prototype Pollution
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Prototype pollution in @rvf/set-get allows remote attackers to modify Object.prototype on Node.js servers processing form data via Remix or React Router applications. The setPath function fails to block dangerous property keys (__proto__, constructor, prototype) when flattening form submissions, enabling unauthenticated attackers to inject arbitrary properties into all JavaScript objects across the server process with a single malformed HTTP request. Working proof-of-concept code is publicly available demonstrating property injection via field names like '__proto__[polluted]'. The vulnerability affects default configurations with no special setup required - any endpoint using parseFormData or createValidator is exploitable. CVSS 8.2 High severity driven by network attack vector (AV:N), low complexity (AC:L), and no authentication requirement (PR:N), with high integrity impact from the ability to alter application logic process-wide.

Denial Of Service Node.js Prototype Pollution
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Prototype pollution in Velocity.js npm package versions <=2.1.5 allows remote attackers to modify Object.prototype through malicious #set directives in templates, enabling denial of service or potential remote code execution when template content is attacker-controlled. Publicly available exploit code exists. EPSS data unavailable, but the low attack complexity (CVSS AC:L), network attack vector (AV:N), and no authentication requirement (PR:N) combined with published POC code indicate elevated risk for applications rendering untrusted Velocity templates.

Denial Of Service RCE Prototype Pollution
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Prototype pollution in query-string-parser 1.0.0 enables remote unauthenticated attackers to inject malicious properties into JavaScript object prototypes via crafted query parameters, achieving arbitrary code execution, privilege escalation, or denial of service in Node.js applications. CVSS 9.8 critical severity with network attack vector and no authentication required. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability despite critical rating. Publicly available proof-of-concept exists (GitHub Gist), but no CISA KEV listing confirms active exploitation. SSVC framework rates this as automatable with total technical impact but currently unexploited, suggesting opportunistic future risk rather than immediate widespread targeting.

Node.js Prototype Pollution Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().

Node.js Prototype Pollution Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Prototype pollution read-side gadgets in the axios HTTP adapter (npm, versions >=1.0.0 to <1.15.2) allow an attacker who has already polluted Object.prototype in the same Node.js process to hijack every outbound request - injecting attacker-controlled Authorization headers, redirecting relative-URL requests to an external server, pointing requests at internal Unix sockets (SSRF/container escape), forcing Node's insecure HTTP parser, and even executing an attacker-supplied beforeRedirect callback. The flaw stems from five config properties (auth, baseURL, socketPath, beforeRedirect, insecureHTTPParser) being read via direct property access that traverses the prototype chain, unlike eight sibling properties already guarded by an own() helper. A working proof-of-concept is published in the GHSA advisory, but EPSS is only 0.03% and the issue is not in CISA KEV - no public exploit identified at time of analysis as a standalone attack, and it requires a separate prototype pollution primitive to fire.

SSRF RCE Prototype Pollution +2
NVD GitHub VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Prototype pollution in EvoMap Evolver versions prior to 1.69.3 allows local attackers with high privileges to inject malicious properties into Object.prototype via unfiltered Object.assign() calls in the mailbox store module, potentially modifying the behavior of all JavaScript objects and causing information disclosure or denial of service. The vulnerability requires file system write access to the messages.jsonl persistence file and high privileges, limiting real-world exploitability to insider or local compromise scenarios.

Prototype Pollution Code Injection
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Prototype pollution in n8n's XML node allows authenticated workflow editors to achieve remote code execution through global prototype manipulation. The vulnerability affects n8n workflow automation platform versions prior to 1.123.32, 2.17.4, and 2.18.1, enabling attackers with workflow creation privileges to inject malicious properties into JavaScript object prototypes that can be exploited by other nodes to execute arbitrary code. Vendor-released patches are available for all affected version branches. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the CVSS 10.0 score reflects the critical scope change and complete system compromise potential.

Prototype Pollution Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Prototype pollution in n8n's XML webhook parser (xml2js library) enables remote code execution when chained with Git node SSH operations. Authenticated users with workflow editing permissions can inject malicious XML payloads to pollute JavaScript object prototypes, then leverage the polluted prototype in Git node operations to execute arbitrary code on the n8n host server. GitHub advisory GHSA-q5f4-99jv-pgg5 confirms patches available in versions 1.123.32, 2.17.4, and 2.18.1. No CISA KEV listing or public POC identified at time of analysis, but the CVSS 10.0 score appears inconsistent with the authenticated (PR:L expected) nature described in the advisory.

RCE Prototype Pollution
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Prototype pollution in Axios HTTP client versions before 1.15.1 and 0.31.1 enables silent interception and modification of all JSON responses or complete HTTP transport hijacking when the JavaScript Object.prototype has been polluted by a co-dependency. This vulnerability requires a separate prototype pollution source within the same Node.js process but requires no authentication once that precondition exists. An attacker can then access credentials, headers, and request bodies across the application. EPSS data not available; no public exploit identified at time of analysis.

Node.js Information Disclosure Prototype Pollution +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Prototype pollution in extend-deep npm package (up to 0.1.6) enables remote attackers to manipulate JavaScript object prototypes via crafted __proto__ payloads, achieving low-severity confidentiality, integrity, and availability impacts. Public exploit code exists on GitHub. CVSS 7.3 with network attack vector and no authentication required. Project repository inactive for years, making official patch unlikely. EPSS data unavailable, but prototype pollution attacks are well-understood and automatable. Not listed in CISA KEV, suggesting limited widespread exploitation despite public POC.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Prototype pollution in brikcss merge library versions 1.0 through 1.3.0 enables remote unauthenticated attackers to inject malicious properties into JavaScript Object prototypes via crafted __proto__, constructor.prototype, or prototype arguments, potentially leading to information disclosure, authentication bypass, or denial of service. Publicly available exploit code exists (GitHub PoC from sudo-secure). CVSS 7.3 with network vector and no authentication required. Vendor unresponsive to disclosure attempts.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
EPSS 0% CVSS 8.6
HIGH This Week

Prototype pollution in Adobe Acrobat Reader allows arbitrary code execution when victims open malicious PDF files. Affects Acrobat Reader versions through 26.001.21411, 24.001.30360, and 24.001.30362. Attack requires local file access with user interaction (CVSS AV:L/UI:R) but achieves scope change and full CIA impact (S:C/C:H/I:H/A:H), yielding CVSS 8.6. No public exploit identified at time of analysis. Vendor advisory available from Adobe (APSB26-44). EPSS data not provided; exploitation status limited to user-interaction-dependent local attack vector.

Prototype Pollution Adobe RCE
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Prototype pollution in Adobe Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier allows arbitrary file system read operations in the context of the current user when a victim opens a malicious PDF or document. The vulnerability requires user interaction but enables confidentiality compromise with high impact; no active exploitation confirmed but the attack surface is broad given Acrobat Reader's ubiquity in document handling.

Prototype Pollution Adobe Information Disclosure
NVD
EPSS 0% 4.7 CVSS 8.6
HIGH POC KEV THREAT Act Now

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execution in user context via malicious PDF files. Attack requires user interaction to open a crafted document. CVSS 9.6 (Critical) reflects network-deliverable code execution with scope change, though EPSS 0.24% (46th percentile) suggests moderate real-world exploitation probability. No public exploit identified at time of analysis.

Prototype Pollution RCE Adobe
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Prototype pollution in the LangSmith JavaScript/TypeScript SDK (npm 'langsmith', versions <= 0.5.17) lets an attacker who controls object keys passed to the createAnonymizer() API pollute Object.prototype for the entire Node.js process. The internally vendored lodash set() utility guards only the __proto__ key and misses the constructor.prototype traversal path, so a crafted key like 'constructor.prototype.polluted' bypasses the fix. Publicly available exploit code exists (SSVC 'poc' plus regression tests in the fix PR), but EPSS is only 0.04% with no evidence of active exploitation; notably the vendor GHSA rates this Medium (~CVSS 5.6), conflicting sharply with the NVD 9.8.

Information Disclosure Node.js Prototype Pollution +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Prototype pollution in defu npm package (≤6.1.4) allows remote attackers to override application logic by injecting __proto__ keys through unsanitized user input. The vulnerability enables authentication bypass and arbitrary property injection when applications merge untrusted JSON, database records, or configuration data using defu(). CVSS 7.5 (High) with network-accessible, low-complexity exploitation requiring no authentication. No active exploitation confirmed (not in CISA KEV), but public proof-of-concept exists in the GitHub advisory demonstrating admin privilege escalation.

Prototype Pollution Authentication Bypass
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Prototype pollution in Lodash 4.17.23 and earlier allows unauthenticated remote attackers to delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) via array-wrapped path segments in _.unset and _.omit functions, bypassing the incomplete fix for CVE-2025-13465. The vulnerability has a CVSS score of 6.5 with low integrity and availability impact; no public exploit code or active exploitation has been confirmed at time of analysis.

Prototype Pollution Authentication Bypass Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Prototype pollution in MikroORM's Utils.merge function allows attackers to modify JavaScript object prototypes when applications pass untrusted user input into ORM operations. Affects @mikro-orm/core npm package, enabling denial of service and potentially SQL injection when polluted properties influence query construction. No public exploit identified at time of analysis, though GitHub security advisory published by the project maintainers confirms the vulnerability class (CWE-1321).

Prototype Pollution Denial Of Service SQLi
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Prototype pollution in locutus npm package version 2.0.39 through 3.0.24 allows remote attackers to bypass `Object.prototype` pollution guards via a crafted query string passed to the `parse_str` function, enabling authentication bypass, denial of service, or remote code execution in chained attack scenarios where `RegExp.prototype.test` has been previously compromised. Publicly available exploit code exists demonstrating the vulnerability; vendor-released patch available in version 3.0.25.

PHP Denial Of Service Node.js +4
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Prototype pollution in the locutus npm package's unserialize() function allows remote attackers to inject arbitrary properties into deserialized objects by crafting malicious PHP-serialized payloads containing __proto__ keys, enabling authorization bypass, property propagation attacks, and denial of service via method override. The vulnerability affects locutus versions prior to 3.0.25; publicly available exploit code exists demonstrating property injection, for-in propagation to real own properties, and built-in method disruption.

PHP Node.js Prototype Pollution +3
NVD GitHub
EPSS 1%
CRITICAL PATCH Act Now

Prototype pollution in convict npm package version 6.2.4 allows attackers to bypass previous security fixes and pollute Object.prototype through crafted input that manipulates String.prototype.startsWith. The vulnerability affects applications processing untrusted input via convict.set() and can lead to authentication bypass, denial of service, or remote code execution if polluted properties reach dangerous sinks like eval or child_process. A working proof-of-concept exploit demonstrating the bypass technique exists in the advisory.

Mozilla Node.js Prototype Pollution +3
NVD GitHub
EPSS 0%
CRITICAL PATCH Act Now

Prototype pollution in Mozilla's node-convict configuration library allows attackers to inject properties into Object.prototype via two unguarded code paths: config.load()/loadFile() methods that fail to filter forbidden keys during recursive merge operations, and schema initialization accepting constructor.prototype.* keys during default-value propagation. Applications using node-convict (pkg:npm/convict) that process untrusted configuration data face impacts ranging from authentication bypass to remote code execution depending on how polluted properties propagate through the application. This represents an incomplete fix for prior prototype pollution issues (GHSA-44fc-8fm5-q62h), with no public exploit identified at time of analysis.

Mozilla Node.js Prototype Pollution +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

picomatch is vulnerable to a method injection vulnerability (CWE-1321) in its POSIX_REGEX_SOURCE object that allows specially crafted POSIX bracket expressions like [[:constructor:]] to reference inherited Object.prototype methods, causing these methods to be stringified and injected into generated regular expressions. This affects all versions of the npm package picomatch prior to 2.3.2, 3.0.2, and 4.0.4, and can cause incorrect glob matching behavior leading to integrity violations where patterns match unintended filenames; while this does not enable remote code execution, it can compromise security-relevant logic in applications using glob matching for filtering, validation, or access control. The vulnerability is not listed in CISA KEV and has no widely published proof-of-concept, but patches are available from the vendor.

RCE Prototype Pollution Red Hat
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL POC PATCH Act Now

A prototype pollution vulnerability in the XML and GSuiteAdmin nodes of n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to achieve remote code execution. Versions prior to 2.14.1, 2.13.3, and 1.123.27 are affected. The CVSS score of 9.4 (Critical) reflects network-based exploitation with low complexity requiring only low-level authentication, though no current KEV listing or public POC availability is indicated in the provided intelligence.

Prototype Pollution RCE
NVD GitHub VulDB
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Prototype pollution in the flatted npm library (versions <= 3.4.1) lets an attacker who controls input to the parse() function leak a live reference to Array.prototype into the returned object, so any later write to that property poisons the global prototype chain. The flaw stems from parse() using attacker-supplied JSON string values such as "__proto__" as raw array index keys without numeric validation. Publicly available exploit code exists (a three-line proof of concept in the GitHub Security Advisory), though EPSS is only 0.01% (2nd percentile) and it is not in CISA KEV.

RCE Denial Of Service Prototype Pollution
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

OpenClaw versions prior to 2026.2.21 are vulnerable to prototype pollution attacks via the /debug set endpoint, allowing authenticated attackers to inject reserved prototype keys (__proto__, constructor, prototype) and manipulate object prototypes to bypass command gate restrictions. The vulnerability requires authenticated access and has relatively low real-world exploitability due to high attack complexity, but presents a meaningful integrity risk for authorized users who may not be aware of this attack vector. A patch is available from the vendor.

Authentication Bypass Prototype Pollution
NVD GitHub VulDB
EPSS 0%
HIGH PATCH This Week

Parse Server is vulnerable to denial of service when remote attackers craft malicious cloud function names that exploit prototype chain traversal, allowing them to trigger stack overflows and crash the server process. The vulnerability stems from improper property lookup restrictions during function name resolution. A patch is available that limits lookups to own properties only.

Prototype Pollution Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Elysia (npm package, versions prior to 1.4.27) is vulnerable to prototype pollution through maliciously crafted cookie names, allowing unauthenticated attackers to override application cookie values and potentially inject arbitrary data into the application's object prototype. With a CVSS score of 6.5 and network-accessible attack vector requiring no privileges or user interaction, attackers can manipulate cookie handling to gain limited information disclosure and integrity compromise. A proof-of-concept exploit demonstrating the `__proto__` injection vector exists in the GitHub advisory.

Code Injection Prototype Pollution
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was found in Lagom WHMCS Template up to 2.3.7.

Information Disclosure Prototype Pollution
NVD VulDB GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Prototype pollution in Apollo Federation before multiple versions.

Information Disclosure Prototype Pollution
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue +2
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Immutable.js provides many Persistent Immutable data structures. versions up to 3.8.3 is affected by improperly controlled modification of object prototype attributes (prototype pollution).

Prototype Pollution Information Disclosure Immutable
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

AdonisJS is a TypeScript-first web framework. versions up to 10.1.3 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 7.2).

Prototype Pollution Information Disclosure Bodyparser
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL POC PATCH Act Now

Prototype pollution in the Locutus JavaScript library (npm package, versions >= 2.0.12 and < 2.0.39) lets attacker-influenced input passed to the php.strings.parse_str function pollute Object.prototype, bypassing a prior guard. The earlier fix rejected forbidden keys using String.prototype.includes(), but an attacker able to override that method - or supply crafted keys such as constructor[prototype][polluted]=yes - defeats the check; publicly available exploit code exists in the GHSA advisory. EPSS exploitation probability is very low (0.01%, 1st percentile), it is not on CISA KEV, and no public exploit is identified as active in the wild.

Locutus Information Disclosure Prototype Pollution
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

jsonpath library 1.1.1 has a prototype pollution vulnerability in the value function that allows attackers to modify JavaScript object prototypes and potentially achieve RCE.

Jsonpath Information Disclosure Prototype Pollution
NVD GitHub VulDB
EPSS 0% 4.9 CVSS 6.9
MEDIUM POC PATCH This Month

Lodash versions up to 4.17.22 is affected by improperly controlled modification of object prototype attributes (prototype pollution) (CVSS 5.3).

Information Disclosure Prototype Pollution Lodash
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC PATCH This Month

npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Prototype Pollution RCE +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

js-yaml is a JavaScript YAML parser and dumper. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Js Yaml +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Code Injection Algoliasearch Helper +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

parse is a package designed to parse JavaScript SDK. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Parse Javascript Sdk
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

json-schema-editor-visual is a package that provides jsonschema editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Json Schema Editor Visual
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Csvjson
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

web3-core-method is a package designed to creates the methods on the web3 modules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Web3 Core Method
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Toggle Array
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

spmrc is a package that provides the rc manager for spm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Spmrc
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Sassdoc Extras
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Rollbar
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

mpregular is a package that provides a small program development framework based on RegularJS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Mpregular
NVD GitHub
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy