npm package
algoliasearch-helper
pkg:npm/algoliasearch-helper
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3193 | — | >= 2.0.0-rc1, < 3.11.2 | 3.11.2 | Sep 27, 2025 | Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the res | ||
| CVE-2021-23433 | Med | 5.9 | < 3.6.2 | 3.6.2 | Nov 19, 2021 | The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitabl |
- CVE-2025-3193Sep 27, 2025affected >= 2.0.0-rc1, < 3.11.2fixed 3.11.2
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the res
- affected < 3.6.2fixed 3.6.2
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitabl