Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/immer@9.0.6
purl pkg:npm/immer@9.0.6
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-2xa5-ggz7-uudj Improperly Controlled Modification of Dynamically-Determined Object Attributes immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') CVE-2021-3757
GHSA-c36v-fmgq-m8hx
VCID-48k4-6btj-9kha Access of Resource Using Incompatible Type (Type Confusion) A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition `(p === "__proto__" || p === "constructor")` in `applyPatches_` returns false if `p` is `['__proto__']` (or `['constructor']`). The `===` operator (strict equality operator) returns false if the operands have different type. CVE-2021-23436
GHSA-33f9-j839-rf8h

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:30:40.986408+00:00 GitLab Importer Fixing VCID-2xa5-ggz7-uudj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-3757.yml 38.4.0
2026-04-16T21:30:30.106925+00:00 GitLab Importer Fixing VCID-48k4-6btj-9kha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-23436.yml 38.4.0
2026-04-11T22:43:48.358874+00:00 GitLab Importer Fixing VCID-2xa5-ggz7-uudj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-3757.yml 38.3.0
2026-04-11T22:43:36.960040+00:00 GitLab Importer Fixing VCID-48k4-6btj-9kha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-23436.yml 38.3.0
2026-04-02T22:53:53.594200+00:00 GitLab Importer Fixing VCID-2xa5-ggz7-uudj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-3757.yml 38.1.0
2026-04-02T22:53:43.569279+00:00 GitLab Importer Fixing VCID-48k4-6btj-9kha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-23436.yml 38.1.0
2026-04-02T16:58:11.011982+00:00 GHSA Importer Fixing VCID-2xa5-ggz7-uudj https://github.com/advisories/GHSA-c36v-fmgq-m8hx 38.1.0
2026-04-02T16:58:10.676276+00:00 GHSA Importer Fixing VCID-48k4-6btj-9kha https://github.com/advisories/GHSA-33f9-j839-rf8h 38.1.0
2026-04-01T13:00:56.009368+00:00 GithubOSV Importer Fixing VCID-48k4-6btj-9kha https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-33f9-j839-rf8h/GHSA-33f9-j839-rf8h.json 38.0.0
2026-04-01T13:00:55.364049+00:00 GithubOSV Importer Fixing VCID-2xa5-ggz7-uudj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-c36v-fmgq-m8hx/GHSA-c36v-fmgq-m8hx.json 38.0.0
2026-04-01T12:48:49.745661+00:00 GitLab Importer Fixing VCID-2xa5-ggz7-uudj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-3757.yml 38.0.0
2026-04-01T12:48:49.215157+00:00 GitLab Importer Fixing VCID-48k4-6btj-9kha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immer/CVE-2021-23436.yml 38.0.0