VulnerableCode Package Details - pkg:npm/rollbar@2.13.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1hfu-wwu4-e3bn Aliases: CVE-2025-62517 GHSA-xcg2-9pp4-j82x	Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input.	2.26.5 Affected by 0 other vulnerabilities. 3.0.0-beta5 Affected by 0 other vulnerabilities. 3.0.0-rc.1 Affected by 0 other vulnerabilities.
VCID-2yer-hmzk-xyhh Aliases: GHSA-m929-rg27-gj99	Duplicate Advisory: rollbar vulnerable to prototype pollution	3.0.0-alpha.1 Affected by 0 other vulnerabilities.
VCID-93rh-4rhx-hyh9 Aliases: CVE-2025-57325 GHSA-r8c2-2qwq-94p6	rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.	2.26.5 Affected by 0 other vulnerabilities. 3.0.0-beta5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1hfu-wwu4-e3bn
Aliases:
CVE-2025-62517
GHSA-xcg2-9pp4-j82x

Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with untrusted input, prototype pollution is possible. This issue has been fixed in versions 2.26.5 and 3.0.0-beta5. A workaround involves ensuring that values passed to rollbar.configure() do not contain untrusted input.

2.26.5
Affected by 0 other vulnerabilities.

3.0.0-beta5
Affected by 0 other vulnerabilities.

3.0.0-rc.1
Affected by 0 other vulnerabilities.

VCID-2yer-hmzk-xyhh
Aliases:
GHSA-m929-rg27-gj99

Duplicate Advisory: rollbar vulnerable to prototype pollution

3.0.0-alpha.1
Affected by 0 other vulnerabilities.

VCID-93rh-4rhx-hyh9
Aliases:
CVE-2025-57325
GHSA-r8c2-2qwq-94p6

rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

2.26.5
Affected by 0 other vulnerabilities.

3.0.0-beta5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T20:26:37.088618+00:00	GitLab Importer	Affected by	VCID-1hfu-wwu4-e3bn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/CVE-2025-62517.yml	38.6.0
2026-06-12T20:25:52.982203+00:00	GitLab Importer	Affected by	VCID-93rh-4rhx-hyh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/CVE-2025-57325.yml	38.6.0
2026-06-12T20:21:47.738400+00:00	GitLab Importer	Affected by	VCID-2yer-hmzk-xyhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/GHSA-m929-rg27-gj99.yml	38.6.0