Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/minimist@1.2.2
purl pkg:npm/minimist@1.2.2
Next non-vulnerable version 1.2.6
Latest non-vulnerable version 1.2.6
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-bhnm-47u8-zfhr
Aliases:
CVE-2020-7598
GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. This is exploitable if attackers have control over the arguments being passed to `minimist`. ## Recommendation Upgrade to versions 0.2.1, 1.2.3 or later.
1.2.3
Affected by 1 other vulnerability.
VCID-turp-dju7-c7fx
Aliases:
CVE-2021-44906
GHSA-xvch-5gv4-984h
Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
1.2.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-4t4e-47cq-2ffx Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) **Withdrawn** GitHub has withdrawn this advisory in place of GHSA-vh95-rmgr-6w4m and GHSA-6chw-6frg-f759. The reason for withdrawing is that some mistakes were made during the ingestion of CVE-2020-7598 which caused this advisory to be published with incorrect information. In order to provide accurate advisory information, new advisories were created: - minimist: https://github.com/advisories/GHSA-vh95-rmgr-6w4m - acorn: https://github.com/advisories/GHSA-6chw-6frg-f759 GHSA-7fhm-mqm4-2wp7
VCID-bhnm-47u8-zfhr Prototype Pollution in minimist Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. This is exploitable if attackers have control over the arguments being passed to `minimist`. ## Recommendation Upgrade to versions 0.2.1, 1.2.3 or later. CVE-2020-7598
GHSA-vh95-rmgr-6w4m

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:43:02.379664+00:00 GitLab Importer Affected by VCID-turp-dju7-c7fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml 38.4.0
2026-04-16T21:01:23.597412+00:00 GitLab Importer Fixing VCID-bhnm-47u8-zfhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2020-7598.yml 38.4.0
2026-04-16T01:32:15.413208+00:00 GHSA Importer Affected by VCID-bhnm-47u8-zfhr https://github.com/advisories/GHSA-vh95-rmgr-6w4m 38.4.0
2026-04-11T22:58:35.162035+00:00 GitLab Importer Affected by VCID-turp-dju7-c7fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml 38.3.0
2026-04-11T22:12:42.507462+00:00 GitLab Importer Fixing VCID-bhnm-47u8-zfhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2020-7598.yml 38.3.0
2026-04-11T13:01:36.531499+00:00 GHSA Importer Affected by VCID-bhnm-47u8-zfhr https://github.com/advisories/GHSA-vh95-rmgr-6w4m 38.3.0
2026-04-02T23:07:22.884964+00:00 GitLab Importer Affected by VCID-turp-dju7-c7fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml 38.1.0
2026-04-02T22:25:06.938648+00:00 GitLab Importer Fixing VCID-bhnm-47u8-zfhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2020-7598.yml 38.1.0
2026-04-02T13:53:37.094725+00:00 GHSA Importer Affected by VCID-bhnm-47u8-zfhr https://github.com/advisories/GHSA-vh95-rmgr-6w4m 38.1.0
2026-04-01T17:26:41.938977+00:00 GitLab Importer Affected by VCID-turp-dju7-c7fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml 38.0.0
2026-04-01T16:43:02.081175+00:00 GitLab Importer Fixing VCID-bhnm-47u8-zfhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2020-7598.yml 38.0.0
2026-04-01T15:58:01.119608+00:00 GHSA Importer Fixing VCID-4t4e-47cq-2ffx https://github.com/advisories/GHSA-7fhm-mqm4-2wp7 38.0.0
2026-04-01T13:00:15.550196+00:00 GithubOSV Importer Fixing VCID-4t4e-47cq-2ffx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-7fhm-mqm4-2wp7/GHSA-7fhm-mqm4-2wp7.json 38.0.0