Lodash-es
This hub aggregates every CVE we track for Lodash-es, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 8
- Critical: 1
- High: 3
- In CISA KEV: 0
Severity distribution
- MEDIUM: 4
- HIGH: 3
- CRITICAL: 1
Monthly trend
[Chart: monthly counts, 2024-07 to 2026-06]
Latest CVEs
The 8 most recently published vulnerabilities affecting Lodash-es.
- CVE-2026-4800: lodash vulnerable to Code Injection via `_.template` imports key names (score 8.1)
- CVE-2026-2950: lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` (score 6.5)
- CVE-2025-13465: Prototype Pollution Vulnerability in Lodash `_.unset` and `_.omit` functions (score 5.3)
- CVE-2021-23337: Command Injection (score 7.2)
- CVE-2020-28500: Regular Expression Denial of Service (ReDoS) (score 5.3)
- CVE-2020-8203: Prototype pollution attack when using `_.zipObjectDeep` in lodash before 4.17.20. (score 7.4)
- CVE-2019-10744: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` could be tricked into adding or modifying properties of `Object.prototype` using a constructor p... (score 9.1)
- CVE-2019-1010266: lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very lo... (score 6.5)
Product normalization is registry-driven with AI assist and human review.