VulnerableCode Package Details - pkg:npm/immutable@4.3.8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/immutable@4.3.8

Essentials
History (3)

purl	pkg:npm/immutable@4.3.8

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-ev32-mahc-5ufa	Immutable is vulnerable to Prototype Pollution _What kind of vulnerability is it? Who is impacted?_ A Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs.	CVE-2026-29063 GHSA-wf6x-7x77-mvgw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T22:03:00.182851+00:00	GHSA Importer	Fixing	VCID-ev32-mahc-5ufa	https://github.com/advisories/GHSA-wf6x-7x77-mvgw	38.6.0
2026-06-04T16:56:56.228792+00:00	GithubOSV Importer	Fixing	VCID-ev32-mahc-5ufa	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-wf6x-7x77-mvgw/GHSA-wf6x-7x77-mvgw.json	38.6.0
2026-06-02T04:51:21.360369+00:00	GitLab Importer	Fixing	VCID-ev32-mahc-5ufa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/immutable/CVE-2026-29063.yml	38.6.0