VYPR
Vendor

Underscorejs

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2024-57081HigFeb 5, 2025
    risk 0.49cvss 7.5epss 0.00

    A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2026-27601MedMar 3, 2026
    risk 0.31cvss 5.9epss 0.01

    Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a…