npm (Node.js)

lodash-es

lodash-es has 3 known security vulnerabilities in npm (Node.js). Upgrade to version 4.17.23 or later to resolve all known issues. Data sourced from OSV, enriched with EPSS exploit probability and CISA KEV.

3 Vulnerabilities

Recommended safe version: 4.17.23

Upgrading to 4.17.23 or later resolves all 3 known vulnerabilities in lodash-es. Run: npm install lodash-es@4.17.23

Is lodash-es in your project?

Check if you're affected and upgrade to 4.17.23 to stay secure.

Scan Now Create Free Account to Monitor

Total

Critical

High

Medium

Low

Vulnerabilities

3 unique vulnerabilities — sorted by severity. Click a CVE/GHSA ID for full details.

CVE / GHSA	Severity	CVSS	Summary	Affected	Fixed In
GHSA-35jh-r3h4-6jhm Command Injection in lodash	HIGH	3.1	Command Injection in lodash	All versions	4.17.21
GHSA-29mw-wpgm-hmr9 Regular Expression Denial of Service (ReDoS) in lodash	MODERATE	3.1	Regular Expression Denial of Service (ReDoS) in lodash	All versions	4.17.21
GHSA-xxjr-mmjv-4gpg Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions	MODERATE	3.1	Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions	All versions	4.17.23

About This Data

Vulnerability data for lodash-es is sourced from the Open Source Vulnerability (OSV) database, aggregating reports from GitHub Advisory Database, NIST NVD, and ecosystem-specific sources.

CVSS (Common Vulnerability Scoring System) scores reflect exploitability and impact. EPSS (Exploit Prediction Scoring System) scores indicate the probability of exploitation within the next 30 days. Vulnerabilities marked with are listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Check Your Dependencies

Scan your project to check if you're using a vulnerable version of lodash-es.

Scan Now - It's Free Create Free Account

Data from OSV DatabaseUpdated daily200K+ vulnerabilities indexed