Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/dot-prop@2.2.0
purl pkg:npm/dot-prop@2.2.0
Next non-vulnerable version 4.2.1
Latest non-vulnerable version 5.1.1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-4b6t-hfzu-7uf5
Aliases:
CVE-2020-8116
GHSA-ff7x-qrg7-qggm
dot-prop Prototype Pollution vulnerability Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
4.2.1
Affected by 0 other vulnerabilities.
5.0.0
Affected by 1 other vulnerability.
5.1.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:00:22.916730+00:00 GitLab Importer Affected by VCID-4b6t-hfzu-7uf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/dot-prop/CVE-2020-8116.yml 38.4.0
2026-04-16T01:33:55.504190+00:00 GHSA Importer Affected by VCID-4b6t-hfzu-7uf5 https://github.com/advisories/GHSA-ff7x-qrg7-qggm 38.4.0
2026-04-11T22:11:38.088674+00:00 GitLab Importer Affected by VCID-4b6t-hfzu-7uf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/dot-prop/CVE-2020-8116.yml 38.3.0
2026-04-11T13:03:14.041164+00:00 GHSA Importer Affected by VCID-4b6t-hfzu-7uf5 https://github.com/advisories/GHSA-ff7x-qrg7-qggm 38.3.0
2026-04-02T22:24:08.013069+00:00 GitLab Importer Affected by VCID-4b6t-hfzu-7uf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/dot-prop/CVE-2020-8116.yml 38.1.0
2026-04-02T13:55:06.810034+00:00 GHSA Importer Affected by VCID-4b6t-hfzu-7uf5 https://github.com/advisories/GHSA-ff7x-qrg7-qggm 38.1.0
2026-04-01T16:41:58.084533+00:00 GitLab Importer Affected by VCID-4b6t-hfzu-7uf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/dot-prop/CVE-2020-8116.yml 38.0.0