CVEs tagged with this topic.

2025-08-14
High

CVE-2025-55195

@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype P…

2025-08-12
High

CVE-2025-55164

content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one c…

2025-08-05
High

CVE-2025-54803

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker to add or modify pr…

2025-07-31
High

CVE-2025-34146

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can resul…

2025-07-25
High

CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Va…

2025-07-10
Medium

CVE-2025-53626

pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and pr…

2025-06-25
Medium

CVE-2024-57708

An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier w…

2025-05-19
High

CVE-2025-26621

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that w…

2024-12-18
High

CVE-2024-21548

Versions of the package bun after 0.0.12 and before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that…

2021-04-23
High

CVE-2021-20087

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
