Search for packages
| purl | pkg:npm/bodymen@1.1.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-w56j-wbfx-hye2
Aliases: CVE-2022-25296 GHSA-vhxc-fhm5-qcp9 |
Prototype Pollution in bodymen The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897) | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-mmju-buwv-kyev | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') bodymen is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. |
CVE-2019-10792
GHSA-8h84-8j4f-p97q |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-07T20:45:14.269248+00:00 | GHSA Importer | Fixing | VCID-mmju-buwv-kyev | https://github.com/advisories/GHSA-8h84-8j4f-p97q | 38.6.0 |
| 2026-06-04T17:25:54.301071+00:00 | GithubOSV Importer | Fixing | VCID-mmju-buwv-kyev | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-8h84-8j4f-p97q/GHSA-8h84-8j4f-p97q.json | 38.6.0 |
| 2026-06-04T16:21:01.410794+00:00 | GitLab Importer | Fixing | VCID-mmju-buwv-kyev | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bodymen/CVE-2019-10792.yml | 38.6.0 |
| 2026-06-02T04:41:50.768114+00:00 | GitLab Importer | Affected by | VCID-w56j-wbfx-hye2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bodymen/CVE-2022-25296.yml | 38.6.0 |