Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/lodash.template@3.4.0
purl pkg:npm/lodash.template@3.4.0
Next non-vulnerable version 4.18.0
Latest non-vulnerable version 4.18.0
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-dzeb-zu9x-g3bq
Aliases:
CVE-2019-10744
GHSA-jf85-cpcp-j695
Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.
4.5.0
Affected by 1 other vulnerability.
VCID-fhw1-4c1k-sfh3
Aliases:
CVE-2021-23337
GHSA-35jh-r3h4-6jhm
Command Injection in lodash `lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:22:16.733963+00:00 GitLab Importer Affected by VCID-fhw1-4c1k-sfh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2021-23337.yml 38.4.0
2026-04-16T20:56:00.131465+00:00 GitLab Importer Affected by VCID-dzeb-zu9x-g3bq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2019-10744.yml 38.4.0
2026-04-16T01:44:02.199688+00:00 GHSA Importer Affected by VCID-fhw1-4c1k-sfh3 https://github.com/advisories/GHSA-35jh-r3h4-6jhm 38.4.0
2026-04-11T22:34:48.733581+00:00 GitLab Importer Affected by VCID-fhw1-4c1k-sfh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2021-23337.yml 38.3.0
2026-04-11T22:07:01.566221+00:00 GitLab Importer Affected by VCID-dzeb-zu9x-g3bq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2019-10744.yml 38.3.0
2026-04-11T13:13:14.647092+00:00 GHSA Importer Affected by VCID-fhw1-4c1k-sfh3 https://github.com/advisories/GHSA-35jh-r3h4-6jhm 38.3.0
2026-04-02T22:45:56.593388+00:00 GitLab Importer Affected by VCID-fhw1-4c1k-sfh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2021-23337.yml 38.1.0
2026-04-02T22:19:48.865473+00:00 GitLab Importer Affected by VCID-dzeb-zu9x-g3bq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2019-10744.yml 38.1.0
2026-04-02T14:04:38.601850+00:00 GHSA Importer Affected by VCID-fhw1-4c1k-sfh3 https://github.com/advisories/GHSA-35jh-r3h4-6jhm 38.1.0
2026-04-01T17:03:50.118902+00:00 GitLab Importer Affected by VCID-fhw1-4c1k-sfh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2021-23337.yml 38.0.0
2026-04-01T16:37:35.468795+00:00 GitLab Importer Affected by VCID-dzeb-zu9x-g3bq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.template/CVE-2019-10744.yml 38.0.0