Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/deep-extend@0.2.6
purl pkg:npm/deep-extend@0.2.6
Next non-vulnerable version 0.5.1
Latest non-vulnerable version 0.5.1
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-k6bh-s1cq-n3a7
Aliases:
CVE-2018-3750
GHSA-hr2v-3952-633q
Improper Input Validation The utilities function in all versions of the deep-extend node module can be tricked into modifying the prototype of `Object` when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
0.5.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:45:55.411231+00:00 GitLab Importer Affected by VCID-k6bh-s1cq-n3a7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/deep-extend/CVE-2018-3750.yml 38.4.0
2026-04-16T01:23:10.859695+00:00 GHSA Importer Affected by VCID-k6bh-s1cq-n3a7 https://github.com/advisories/GHSA-hr2v-3952-633q 38.4.0
2026-04-11T21:56:42.582507+00:00 GitLab Importer Affected by VCID-k6bh-s1cq-n3a7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/deep-extend/CVE-2018-3750.yml 38.3.0
2026-04-11T12:52:32.325154+00:00 GHSA Importer Affected by VCID-k6bh-s1cq-n3a7 https://github.com/advisories/GHSA-hr2v-3952-633q 38.3.0
2026-04-02T22:10:06.395766+00:00 GitLab Importer Affected by VCID-k6bh-s1cq-n3a7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/deep-extend/CVE-2018-3750.yml 38.1.0
2026-04-02T13:45:21.170444+00:00 GHSA Importer Affected by VCID-k6bh-s1cq-n3a7 https://github.com/advisories/GHSA-hr2v-3952-633q 38.1.0
2026-04-01T16:27:25.625906+00:00 GitLab Importer Affected by VCID-k6bh-s1cq-n3a7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/deep-extend/CVE-2018-3750.yml 38.0.0