VulnerableCode Package Details - pkg:npm/minimist@1.2.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-turp-dju7-c7fx Aliases: CVE-2021-44906 GHSA-xvch-5gv4-984h	Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).	1.2.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-turp-dju7-c7fx
Aliases:
CVE-2021-44906
GHSA-xvch-5gv4-984h

Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

1.2.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bhnm-47u8-zfhr	Prototype Pollution in minimist Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. This is exploitable if attackers have control over the arguments being passed to `minimist`. ## Recommendation Upgrade to versions 0.2.1, 1.2.3 or later.	CVE-2020-7598 GHSA-vh95-rmgr-6w4m

Vulnerability

Summary

Aliases

VCID-bhnm-47u8-zfhr

Prototype Pollution in minimist Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `--__proto__=Polluted` raises and uncaught error and crashes the application. This is exploitable if attackers have control over the arguments being passed to `minimist`. ## Recommendation Upgrade to versions 0.2.1, 1.2.3 or later.

CVE-2020-7598
GHSA-vh95-rmgr-6w4m

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:43:02.382934+00:00	GitLab Importer	Affected by	VCID-turp-dju7-c7fx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml	38.4.0
2026-04-16T01:32:15.417335+00:00	GHSA Importer	Fixing	VCID-bhnm-47u8-zfhr	https://github.com/advisories/GHSA-vh95-rmgr-6w4m	38.4.0
2026-04-11T22:58:35.165375+00:00	GitLab Importer	Affected by	VCID-turp-dju7-c7fx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml	38.3.0
2026-04-11T13:01:36.534956+00:00	GHSA Importer	Fixing	VCID-bhnm-47u8-zfhr	https://github.com/advisories/GHSA-vh95-rmgr-6w4m	38.3.0
2026-04-02T23:07:22.888162+00:00	GitLab Importer	Affected by	VCID-turp-dju7-c7fx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml	38.1.0
2026-04-02T13:53:37.098082+00:00	GHSA Importer	Fixing	VCID-bhnm-47u8-zfhr	https://github.com/advisories/GHSA-vh95-rmgr-6w4m	38.1.0
2026-04-01T17:26:41.942622+00:00	GitLab Importer	Affected by	VCID-turp-dju7-c7fx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/minimist/CVE-2021-44906.yml	38.0.0
2026-04-01T15:58:02.849838+00:00	GHSA Importer	Fixing	VCID-bhnm-47u8-zfhr	https://github.com/advisories/GHSA-vh95-rmgr-6w4m	38.0.0
2026-04-01T12:59:31.228269+00:00	GithubOSV Importer	Fixing	VCID-bhnm-47u8-zfhr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-vh95-rmgr-6w4m/GHSA-vh95-rmgr-6w4m.json	38.0.0