Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/underscore@1.8.3~dfsg-1
purl pkg:deb/debian/underscore@1.8.3~dfsg-1
Next non-vulnerable version 1.13.8~dfsg+~1.13.0-1
Latest non-vulnerable version 1.13.8~dfsg+~1.13.0-1
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-864e-hkby-qfh6
Aliases:
CVE-2021-23358
GHSA-cf4h-3jhx-xvhq
Arbitrary Code Execution in underscore The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
1.9.1~dfsg-1+deb10u1
Affected by 1 other vulnerability.
1.9.1~dfsg-3
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T20:04:49.853298+00:00 Debian Oval Importer Affected by VCID-864e-hkby-qfh6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:46:22.853300+00:00 Debian Oval Importer Affected by VCID-864e-hkby-qfh6 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.4.0
2026-04-11T19:46:26.511765+00:00 Debian Oval Importer Affected by VCID-864e-hkby-qfh6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:34:38.600643+00:00 Debian Oval Importer Affected by VCID-864e-hkby-qfh6 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.3.0
2026-04-08T19:29:14.169293+00:00 Debian Oval Importer Affected by VCID-864e-hkby-qfh6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T23:07:50.776472+00:00 Debian Oval Importer Affected by VCID-864e-hkby-qfh6 https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 38.1.0