VulnerableCode Package Details - pkg:npm/lodash@4.17.22

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/lodash@4.17.22

Essentials
History (1)

purl	pkg:npm/lodash@4.17.22
Tags	Ghost

Next non-vulnerable version	4.18.0
Latest non-vulnerable version	4.18.0
Risk	3.7

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-jsc5-qvjm-6kek Aliases: CVE-2025-13465 GHSA-xxjr-mmjv-4gpg	Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23.	4.17.23 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:07:48.838338+00:00	GHSA Importer	Affected by	VCID-jsc5-qvjm-6kek	https://github.com/advisories/GHSA-xxjr-mmjv-4gpg	38.0.0