Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/lodash-es@4.4.0

Type npm

Namespace

Name lodash-es

Version 4.4.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.18.0

Latest_non_vulnerable_version 4.18.0

Affected_by_vulnerabilities

url VCID-44qf-p2rd-6qay

vulnerability_id VCID-44qf-p2rd-6qay

summary

Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions `pick`, `set`, `setWith`, `update`, `updateWith`, and `zipObjectDeep` allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.

This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8203

reference_id

reference_type

scores

value	0.0322
scoring_system	epss
scoring_elements	0.87064
published_at	2026-04-21T12:55:00Z

value	0.0322
scoring_system	epss
scoring_elements	0.87068
published_at	2026-04-18T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87669
published_at	2026-04-01T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87723
published_at	2026-04-13T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87725
published_at	2026-04-12T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87732
published_at	2026-04-11T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87721
published_at	2026-04-09T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87714
published_at	2026-04-08T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87694
published_at	2026-04-07T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87691
published_at	2026-04-04T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87679
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203

reference_url

https://github.com/advisories/GHSA-p6mc-m468-83gw

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p6mc-m468-83gw

reference_url

https://github.com/github/advisory-database/pull/2884

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/2884

reference_url

https://github.com/lodash/lodash

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash

reference_url

https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12

reference_url

https://github.com/lodash/lodash/issues/4744

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/issues/4744

reference_url

https://github.com/lodash/lodash/issues/4874

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/issues/4874

reference_url

https://github.com/lodash/lodash/wiki/Changelog#v41719

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/wiki/Changelog#v41719

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml

reference_url

https://hackerone.com/reports/712065

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/712065

reference_url

https://hackerone.com/reports/864701

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/864701

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8203

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8203

reference_url

https://security.netapp.com/advisory/ntap-20200724-0006

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200724-0006

reference_url

https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857412
reference_id	1857412
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857412

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
reference_id	965283
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283

reference_url	https://access.redhat.com/errata/RHSA-2020:3369
reference_id	RHSA-2020:3369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3369

reference_url	https://access.redhat.com/errata/RHSA-2020:3370
reference_id	RHSA-2020:3370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3370

reference_url	https://access.redhat.com/errata/RHSA-2020:3807
reference_id	RHSA-2020:3807
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3807

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

reference_url	https://access.redhat.com/errata/RHSA-2020:5179
reference_id	RHSA-2020:5179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5179

reference_url	https://access.redhat.com/errata/RHSA-2020:5611
reference_id	RHSA-2020:5611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5611

reference_url	https://access.redhat.com/errata/RHSA-2021:3917
reference_id	RHSA-2021:3917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3917

fixed_packages

url pkg:npm/lodash-es@4.17.20

purl pkg:npm/lodash-es@4.17.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3y9-r7uz-pkfg

vulnerability	VCID-fhw1-4c1k-sfh3

vulnerability	VCID-jsc5-qvjm-6kek

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.20

aliases CVE-2020-8203, GHSA-p6mc-m468-83gw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44qf-p2rd-6qay

url VCID-dzeb-zu9x-g3bq

vulnerability_id VCID-dzeb-zu9x-g3bq

summary

Prototype Pollution in lodash
Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution.  The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3024

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3024

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10744.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10744.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10744

reference_id

reference_type

scores

value	0.03254
scoring_system	epss
scoring_elements	0.87132
published_at	2026-04-12T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87145
published_at	2026-04-21T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87148
published_at	2026-04-18T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87143
published_at	2026-04-16T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87127
published_at	2026-04-13T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87075
published_at	2026-04-01T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87086
published_at	2026-04-02T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87103
published_at	2026-04-04T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87097
published_at	2026-04-07T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87117
published_at	2026-04-08T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87124
published_at	2026-04-09T12:55:00Z

value	0.03254
scoring_system	epss
scoring_elements	0.87137
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10744

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744

reference_url

https://github.com/lodash/lodash/pull/4336

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/pull/4336

reference_url

https://security.netapp.com/advisory/ntap-20191004-0005

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191004-0005

reference_url	https://security.netapp.com/advisory/ntap-20191004-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20191004-0005/

reference_url

https://snyk.io/vuln/SNYK-JS-LODASH-450202

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-LODASH-450202

reference_url

https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS

reference_url

https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS

reference_url	https://www.npmjs.com/advisories/1065
reference_id
reference_type
scores
url	https://www.npmjs.com/advisories/1065

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1739497
reference_id	1739497
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1739497

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933079
reference_id	933079
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933079

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10744

reference_id

CVE-2019-10744

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10744

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml

reference_id

CVE-2019-10744.YML

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml

reference_url

https://github.com/advisories/GHSA-jf85-cpcp-j695

reference_id

GHSA-jf85-cpcp-j695

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jf85-cpcp-j695

reference_url	https://access.redhat.com/errata/RHSA-2020:2362
reference_id	RHSA-2020:2362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2362

reference_url	https://access.redhat.com/errata/RHSA-2020:2819
reference_id	RHSA-2020:2819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2819

reference_url	https://access.redhat.com/errata/RHSA-2021:5134
reference_id	RHSA-2021:5134
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5134

reference_url	https://access.redhat.com/errata/RHSA-2022:5101
reference_id	RHSA-2022:5101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5101

fixed_packages

url pkg:npm/lodash-es@4.17.14

purl pkg:npm/lodash-es@4.17.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-44qf-p2rd-6qay

vulnerability	VCID-e3y9-r7uz-pkfg

vulnerability	VCID-fhw1-4c1k-sfh3

vulnerability	VCID-jsc5-qvjm-6kek

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.14

aliases CVE-2019-10744, GHSA-jf85-cpcp-j695

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzeb-zu9x-g3bq

url VCID-e3y9-r7uz-pkfg

vulnerability_id VCID-e3y9-r7uz-pkfg

summary

Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions.

Steps to reproduce (provided by reporter Liyuan Chen):
```js
var lo = require('lodash');

function build_blank(n) {
var ret = "1"
for (var i = 0; i < n; i++) {
ret += " "
}
return ret + "1";
}
var s = build_blank(50000) var time0 = Date.now();
lo.trim(s)
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);
var time1 = Date.now();
lo.toNumber(s) var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);
var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28500

reference_id

reference_type

scores

value	0.00245
scoring_system	epss
scoring_elements	0.47815
published_at	2026-04-18T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47823
published_at	2026-04-16T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47768
published_at	2026-04-21T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47758
published_at	2026-04-12T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47782
published_at	2026-04-11T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47761
published_at	2026-04-08T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47706
published_at	2026-04-07T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47757
published_at	2026-04-09T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47737
published_at	2026-04-02T12:55:00Z

value	0.00245
scoring_system	epss
scoring_elements	0.47699
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28500

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500

reference_url

https://github.com/github/advisory-database/pull/6139

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/6139

reference_url

https://github.com/lodash/lodash

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash

reference_url

https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8

reference_url

https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a

reference_url

https://github.com/lodash/lodash/pull/5065

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/pull/5065

reference_url

https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7

reference_url

https://security.netapp.com/advisory/ntap-20210312-0006

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210312-0006

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893

reference_url

https://snyk.io/vuln/SNYK-JS-LODASH-1018905

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-LODASH-1018905

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1928954
reference_id	1928954
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1928954

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id	985086
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28500

reference_id

CVE-2020-28500

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28500

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml

reference_id

CVE-2020-28500.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml

reference_url

https://github.com/advisories/GHSA-29mw-wpgm-hmr9

reference_id

GHSA-29mw-wpgm-hmr9

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-29mw-wpgm-hmr9

reference_url	https://access.redhat.com/errata/RHSA-2021:2179
reference_id	RHSA-2021:2179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2179

reference_url	https://access.redhat.com/errata/RHSA-2021:2438
reference_id	RHSA-2021:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2438

reference_url	https://access.redhat.com/errata/RHSA-2021:2543
reference_id	RHSA-2021:2543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2543

reference_url	https://access.redhat.com/errata/RHSA-2021:3459
reference_id	RHSA-2021:3459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3459

reference_url	https://access.redhat.com/errata/RHSA-2022:6429
reference_id	RHSA-2022:6429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6429

fixed_packages

url pkg:npm/lodash-es@4.17.21

purl pkg:npm/lodash-es@4.17.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jsc5-qvjm-6kek

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.21

aliases CVE-2020-28500, GHSA-29mw-wpgm-hmr9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3y9-r7uz-pkfg

url VCID-fhw1-4c1k-sfh3

vulnerability_id VCID-fhw1-4c1k-sfh3

summary

Command Injection in lodash
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23337

reference_id

reference_type

scores

value	0.00463
scoring_system	epss
scoring_elements	0.64288
published_at	2026-04-04T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64248
published_at	2026-04-07T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64203
published_at	2026-04-01T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.6426
published_at	2026-04-02T12:55:00Z

value	0.04314
scoring_system	epss
scoring_elements	0.88899
published_at	2026-04-13T12:55:00Z

value	0.04314
scoring_system	epss
scoring_elements	0.88893
published_at	2026-04-09T12:55:00Z

value	0.04314
scoring_system	epss
scoring_elements	0.88905
published_at	2026-04-11T12:55:00Z

value	0.04314
scoring_system	epss
scoring_elements	0.88908
published_at	2026-04-21T12:55:00Z

value	0.04314
scoring_system	epss
scoring_elements	0.88911
published_at	2026-04-18T12:55:00Z

value	0.04314
scoring_system	epss
scoring_elements	0.88913
published_at	2026-04-16T12:55:00Z

value	0.04314
scoring_system	epss
scoring_elements	0.88888
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23337

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337

reference_url

https://github.com/advisories/GHSA-35jh-r3h4-6jhm

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3
scoring_elements

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-35jh-r3h4-6jhm

reference_url

https://github.com/lodash/lodash

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash

reference_url

https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851

reference_url

https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23337

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23337

reference_url

https://security.netapp.com/advisory/ntap-20210312-0006

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210312-0006

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929

reference_url

https://snyk.io/vuln/SNYK-JS-LODASH-1040724

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-LODASH-1040724

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1928937
reference_id	1928937
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1928937

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id	985086
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086

reference_url	https://access.redhat.com/errata/RHSA-2021:2179
reference_id	RHSA-2021:2179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2179

reference_url	https://access.redhat.com/errata/RHSA-2021:2438
reference_id	RHSA-2021:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2438

reference_url	https://access.redhat.com/errata/RHSA-2021:2543
reference_id	RHSA-2021:2543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2543

reference_url	https://access.redhat.com/errata/RHSA-2021:3459
reference_id	RHSA-2021:3459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3459

reference_url	https://access.redhat.com/errata/RHSA-2022:6429
reference_id	RHSA-2022:6429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6429

reference_url	https://access.redhat.com/errata/RHSA-2026:7329
reference_id	RHSA-2026:7329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7329

fixed_packages

url pkg:npm/lodash-es@4.17.21

purl pkg:npm/lodash-es@4.17.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jsc5-qvjm-6kek

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.21

aliases CVE-2021-23337, GHSA-35jh-r3h4-6jhm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhw1-4c1k-sfh3

url VCID-jsc5-qvjm-6kek

vulnerability_id VCID-jsc5-qvjm-6kek

summary

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
### Impact

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. 

The issue permits deletion of properties but does not allow overwriting their original behavior.  

### Patches

This issue is patched on 4.17.23.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13465

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.0826
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08279
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08387
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08402
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08421
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08341
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0843
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08366
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08413
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08419
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13465

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/lodash/lodash

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash

reference_url

https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81

reference_url

https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T19:43:10Z/

url

https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-13465

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13465

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265
reference_id	1126265
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431740
reference_id	2431740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431740

reference_url

https://github.com/advisories/GHSA-xxjr-mmjv-4gpg

reference_id

GHSA-xxjr-mmjv-4gpg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xxjr-mmjv-4gpg

reference_url	https://access.redhat.com/errata/RHSA-2026:1845
reference_id	RHSA-2026:1845
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1845

reference_url	https://access.redhat.com/errata/RHSA-2026:2078
reference_id	RHSA-2026:2078
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2078

reference_url	https://access.redhat.com/errata/RHSA-2026:2119
reference_id	RHSA-2026:2119
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2119

reference_url	https://access.redhat.com/errata/RHSA-2026:2145
reference_id	RHSA-2026:2145
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2145

reference_url	https://access.redhat.com/errata/RHSA-2026:2147
reference_id	RHSA-2026:2147
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2147

reference_url	https://access.redhat.com/errata/RHSA-2026:2148
reference_id	RHSA-2026:2148
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2148

reference_url	https://access.redhat.com/errata/RHSA-2026:2149
reference_id	RHSA-2026:2149
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2149

reference_url	https://access.redhat.com/errata/RHSA-2026:2438
reference_id	RHSA-2026:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2438

reference_url	https://access.redhat.com/errata/RHSA-2026:2452
reference_id	RHSA-2026:2452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2452

reference_url	https://access.redhat.com/errata/RHSA-2026:2462
reference_id	RHSA-2026:2462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2462

reference_url	https://access.redhat.com/errata/RHSA-2026:2465
reference_id	RHSA-2026:2465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2465

reference_url	https://access.redhat.com/errata/RHSA-2026:2469
reference_id	RHSA-2026:2469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2469

reference_url	https://access.redhat.com/errata/RHSA-2026:2484
reference_id	RHSA-2026:2484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2484

reference_url	https://access.redhat.com/errata/RHSA-2026:2651
reference_id	RHSA-2026:2651
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2651

reference_url	https://access.redhat.com/errata/RHSA-2026:2661
reference_id	RHSA-2026:2661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2661

reference_url	https://access.redhat.com/errata/RHSA-2026:2672
reference_id	RHSA-2026:2672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2672

reference_url	https://access.redhat.com/errata/RHSA-2026:2675
reference_id	RHSA-2026:2675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2675

reference_url	https://access.redhat.com/errata/RHSA-2026:2694
reference_id	RHSA-2026:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2694

reference_url	https://access.redhat.com/errata/RHSA-2026:2816
reference_id	RHSA-2026:2816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2816

reference_url	https://access.redhat.com/errata/RHSA-2026:2817
reference_id	RHSA-2026:2817
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2817

reference_url	https://access.redhat.com/errata/RHSA-2026:2818
reference_id	RHSA-2026:2818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2818

reference_url	https://access.redhat.com/errata/RHSA-2026:2819
reference_id	RHSA-2026:2819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2819

reference_url	https://access.redhat.com/errata/RHSA-2026:2900
reference_id	RHSA-2026:2900
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2900

reference_url	https://access.redhat.com/errata/RHSA-2026:2926
reference_id	RHSA-2026:2926
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2926

reference_url	https://access.redhat.com/errata/RHSA-2026:2984
reference_id	RHSA-2026:2984
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2984

reference_url	https://access.redhat.com/errata/RHSA-2026:2990
reference_id	RHSA-2026:2990
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2990

reference_url	https://access.redhat.com/errata/RHSA-2026:3087
reference_id	RHSA-2026:3087
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3087

reference_url	https://access.redhat.com/errata/RHSA-2026:3422
reference_id	RHSA-2026:3422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3422

reference_url	https://access.redhat.com/errata/RHSA-2026:3710
reference_id	RHSA-2026:3710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3710

reference_url	https://access.redhat.com/errata/RHSA-2026:3712
reference_id	RHSA-2026:3712
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3712

reference_url	https://access.redhat.com/errata/RHSA-2026:3782
reference_id	RHSA-2026:3782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3782

reference_url	https://access.redhat.com/errata/RHSA-2026:3825
reference_id	RHSA-2026:3825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3825

reference_url	https://access.redhat.com/errata/RHSA-2026:3869
reference_id	RHSA-2026:3869
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3869

reference_url	https://access.redhat.com/errata/RHSA-2026:3870
reference_id	RHSA-2026:3870
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3870

reference_url	https://access.redhat.com/errata/RHSA-2026:3874
reference_id	RHSA-2026:3874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3874

reference_url	https://access.redhat.com/errata/RHSA-2026:3884
reference_id	RHSA-2026:3884
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3884

reference_url	https://access.redhat.com/errata/RHSA-2026:3958
reference_id	RHSA-2026:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3958

reference_url	https://access.redhat.com/errata/RHSA-2026:3960
reference_id	RHSA-2026:3960
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3960

reference_url	https://access.redhat.com/errata/RHSA-2026:3962
reference_id	RHSA-2026:3962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3962

reference_url	https://access.redhat.com/errata/RHSA-2026:4423
reference_id	RHSA-2026:4423
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4423

reference_url	https://access.redhat.com/errata/RHSA-2026:4466
reference_id	RHSA-2026:4466
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4466

reference_url	https://access.redhat.com/errata/RHSA-2026:4467
reference_id	RHSA-2026:4467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4467

reference_url	https://access.redhat.com/errata/RHSA-2026:4630
reference_id	RHSA-2026:4630
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4630

reference_url	https://access.redhat.com/errata/RHSA-2026:4782
reference_id	RHSA-2026:4782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4782

reference_url	https://access.redhat.com/errata/RHSA-2026:5636
reference_id	RHSA-2026:5636
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5636

reference_url	https://access.redhat.com/errata/RHSA-2026:6192
reference_id	RHSA-2026:6192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6192

reference_url	https://access.redhat.com/errata/RHSA-2026:6288
reference_id	RHSA-2026:6288
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6288

reference_url	https://access.redhat.com/errata/RHSA-2026:6497
reference_id	RHSA-2026:6497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6497

reference_url	https://access.redhat.com/errata/RHSA-2026:6567
reference_id	RHSA-2026:6567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6567

reference_url	https://access.redhat.com/errata/RHSA-2026:8218
reference_id	RHSA-2026:8218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8218

reference_url	https://access.redhat.com/errata/RHSA-2026:8229
reference_id	RHSA-2026:8229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8229

fixed_packages

url pkg:npm/lodash-es@4.17.23

purl pkg:npm/lodash-es@4.17.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-an5j-y3cq-gbfx

vulnerability	VCID-hjed-8rnm-kkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.23

aliases CVE-2025-13465, GHSA-xxjr-mmjv-4gpg

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jsc5-qvjm-6kek

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.4.0

Package Instance