VYPR

npm package

lodash.unset

pkg:npm/lodash.unset

Vulnerabilities (2)

  • CVE-2026-2950MedMar 31, 2026
    affected >= 4.0.0, < 4.18.0fixed 4.18.0

    Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker ca

  • CVE-2025-13465MedJan 21, 2026
    affected >= 4.0.0, <= 4.5.2

    Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwritin