VulnerableCode Package Details - pkg:deb/debian/node-mixin-deep@2.0.1-3?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-75cr-t5b7-67d8	Prototype Pollution in mixin-deep Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `mixin-deep` 2.x, upgrade to version 2.0.1 or later. If you are using `mixin-deep` 1.x, upgrade to version 1.3.2 or later.	CVE-2019-10746 GHSA-fhjf-83wg-r2j9
VCID-f918-yz1e-q7h2	Improper Input Validation mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of `Object` via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.	CVE-2018-3719 GHSA-3mpr-hq3p-49h9

Vulnerability

Summary

Aliases

VCID-75cr-t5b7-67d8

Prototype Pollution in mixin-deep Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `mixin-deep` 2.x, upgrade to version 2.0.1 or later. If you are using `mixin-deep` 1.x, upgrade to version 1.3.2 or later.

CVE-2019-10746
GHSA-fhjf-83wg-r2j9

VCID-f918-yz1e-q7h2

Improper Input Validation mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of `Object` via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-3719
GHSA-3mpr-hq3p-49h9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-01T22:38:35.733217+00:00	Debian Importer	Fixing	VCID-f918-yz1e-q7h2	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T22:09:22.483359+00:00	Debian Importer	Fixing	VCID-75cr-t5b7-67d8	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-04-29T12:54:38.228205+00:00	Debian Importer	Fixing	VCID-75cr-t5b7-67d8	https://security-tracker.debian.org/tracker/data/json	38.5.0
2026-04-16T12:21:35.000034+00:00	Debian Importer	Fixing	VCID-f918-yz1e-q7h2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:42.867753+00:00	Debian Importer	Fixing	VCID-75cr-t5b7-67d8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:27:23.749962+00:00	Debian Importer	Fixing	VCID-f918-yz1e-q7h2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:55:14.339683+00:00	Debian Importer	Fixing	VCID-75cr-t5b7-67d8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:12.192800+00:00	Debian Importer	Fixing	VCID-75cr-t5b7-67d8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:12.158251+00:00	Debian Importer	Fixing	VCID-f918-yz1e-q7h2	https://security-tracker.debian.org/tracker/data/json	38.1.0