Package details: pkg:npm/rollbar@2.26.5
purl pkg:npm/rollbar@2.26.5
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability: VCID-fj2p-16vc-8fc6
Summary: rollbar vulnerable to Prototype Pollution in merge(). Prototype pollution vulnerability in merge(). If application code calls `rollbar.configure()` with untrusted input, prototype pollution is possible.
Aliases: CVE-2025-62517, GHSA-xcg2-9pp4-j82x

Vulnerability: VCID-hejw-1yqn-r3fj
Summary: rollbar vulnerable to prototype pollution. Prototype pollution potential with the utility function `rollbar/src/utility`.`set()`. No impact when using the published public interface. If application code directly imports `set` from `rollbar/src/utility` and then calls `set` with untrusted input in the second argument, it is vulnerable to prototype pollution. POC:

```js
const obj = {};
require("rollbar/src/utility").set(obj, "__proto__.polluted", "vulnerable");
console.log({}.polluted !== undefined ? '[POLLUTION_TRIGGERED]' : '');
```

Aliases: CVE-2025-57325, GHSA-r8c2-2qwq-94p6

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-05T21:51:49.701142+00:00 | GHSA Importer | Fixing | VCID-fj2p-16vc-8fc6 | https://github.com/advisories/GHSA-xcg2-9pp4-j82x | 38.6.0 |
| 2026-06-05T21:51:36.090313+00:00 | GHSA Importer | Fixing | VCID-hejw-1yqn-r3fj | https://github.com/advisories/GHSA-r8c2-2qwq-94p6 | 38.6.0 |
| 2026-06-04T17:06:05.921974+00:00 | GithubOSV Importer | Fixing | VCID-fj2p-16vc-8fc6 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-xcg2-9pp4-j82x/GHSA-xcg2-9pp4-j82x.json | 38.6.0 |
| 2026-06-04T17:05:37.441273+00:00 | GithubOSV Importer | Fixing | VCID-hejw-1yqn-r3fj | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-r8c2-2qwq-94p6/GHSA-r8c2-2qwq-94p6.json | 38.6.0 |
| 2026-06-02T04:48:14.751015+00:00 | GitLab Importer | Fixing | VCID-fj2p-16vc-8fc6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/CVE-2025-62517.yml | 38.6.0 |
| 2026-06-02T04:48:12.127148+00:00 | GitLab Importer | Fixing | VCID-hejw-1yqn-r3fj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/CVE-2025-57325.yml | 38.6.0 |