Search for packages
| purl | pkg:npm/sds@4.0.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6cw3-wuw1-x3ed
Aliases: CVE-2022-25862 GHSA-ph28-wwfj-fv7f |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123) | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-54jb-3kcq-yuba | Improper Input Validation sds is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the `Object.prototype` by abusing the `set` function located in `js/set.js`. |
CVE-2020-7618
GHSA-cxm3-284p-qc4v |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T01:46:19.303815+00:00 | GitLab Importer | Affected by | VCID-6cw3-wuw1-x3ed | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sds/CVE-2022-25862.yml | 38.6.0 |
| 2026-06-05T21:13:26.177459+00:00 | GHSA Importer | Fixing | VCID-54jb-3kcq-yuba | https://github.com/advisories/GHSA-cxm3-284p-qc4v | 38.6.0 |
| 2026-06-04T17:23:02.941035+00:00 | GithubOSV Importer | Fixing | VCID-54jb-3kcq-yuba | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-cxm3-284p-qc4v/GHSA-cxm3-284p-qc4v.json | 38.6.0 |
| 2026-06-04T16:19:55.432598+00:00 | GitLab Importer | Fixing | VCID-54jb-3kcq-yuba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sds/CVE-2020-7618.yml | 38.6.0 |