Search for packages
| purl | pkg:npm/rollbar@2.3.0 |
| Next non-vulnerable version | 2.26.5 |
| Latest non-vulnerable version | 3.0.0-rc.1 |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4wud-yfew-dqc4
Aliases: GHSA-m929-rg27-gj99 |
rollbar vulnerable to prototype pollution rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. |
Affected by 0 other vulnerabilities. |
|
VCID-fj2p-16vc-8fc6
Aliases: CVE-2025-62517 GHSA-xcg2-9pp4-j82x |
rollbar vulnerable to Prototype Pollution in merge() Prototype pollution vulnerability in merge(). If application code calls `rollbar.configure()` with untrusted input, prototype pollution is possible. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hejw-1yqn-r3fj
Aliases: CVE-2025-57325 GHSA-r8c2-2qwq-94p6 |
rollbar vulnerable to prototype pollution Prototype pollution potential with the utility function `rollbar/src/utility`.`set()`. No impact when using the published public interface. If application code directly imports `set` from `rollbar/src/utility` and then calls `set` with untrusted input in the second argument, it is vulnerable to prototype pollution. POC: ```js const obj = {}; require("rollbar/src/utility").set(obj, "__proto__.polluted", "vulnerable"); console.log({}.polluted !== undefined ? '[POLLUTION_TRIGGERED]':''); ``` |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T06:16:55.452351+00:00 | GitLab Importer | Affected by | VCID-fj2p-16vc-8fc6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/CVE-2025-62517.yml | 38.6.0 |
| 2026-06-06T06:16:03.942816+00:00 | GitLab Importer | Affected by | VCID-hejw-1yqn-r3fj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/CVE-2025-57325.yml | 38.6.0 |
| 2026-06-06T06:11:22.892981+00:00 | GitLab Importer | Affected by | VCID-4wud-yfew-dqc4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/rollbar/GHSA-m929-rg27-gj99.yml | 38.6.0 |