VulnerableCode Package Details - pkg:npm/immutable@4.3.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/immutable@4.3.1

Essentials
History (1)

purl	pkg:npm/immutable@4.3.1

Next non-vulnerable version	4.3.8
Latest non-vulnerable version	5.1.5
Risk	4.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-ev32-mahc-5ufa Aliases: CVE-2026-29063 GHSA-wf6x-7x77-mvgw	Immutable is vulnerable to Prototype Pollution _What kind of vulnerability is it? Who is impacted?_ A Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs.	4.3.8 Affected by 0 other vulnerabilities. 5.1.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ev32-mahc-5ufa
Aliases:
CVE-2026-29063
GHSA-wf6x-7x77-mvgw

Immutable is vulnerable to Prototype Pollution _What kind of vulnerability is it? Who is impacted?_ A Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs.

4.3.8
Affected by 0 other vulnerabilities.

5.1.5
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T07:13:06.808111+00:00	GitLab Importer	Affected by	VCID-ev32-mahc-5ufa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immutable/CVE-2026-29063.yml	38.6.0