VulnerableCode Package Details - pkg:npm/lodash-amd@4.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-dzeb-zu9x-g3bq Aliases: CVE-2019-10744 GHSA-jf85-cpcp-j695	Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.	4.17.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jsc5-qvjm-6kek Aliases: CVE-2025-13465 GHSA-xxjr-mmjv-4gpg	Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23.	4.17.23 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dzeb-zu9x-g3bq
Aliases:
CVE-2019-10744
GHSA-jf85-cpcp-j695

Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

4.17.13
Affected by 1 other vulnerability.

VCID-jsc5-qvjm-6kek
Aliases:
CVE-2025-13465
GHSA-xxjr-mmjv-4gpg

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23.

4.17.23
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:11:42.690797+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.4.0
2026-04-16T20:56:01.532977+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.4.0
2026-04-12T01:35:30.053413+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.3.0
2026-04-11T22:07:03.069390+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.3.0
2026-04-03T01:44:30.109193+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.1.0
2026-04-02T22:19:50.269032+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.1.0
2026-04-01T16:37:37.046453+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.0.0