Search Vulnerabilities

piscina: Prototype Pollution Gadget → RCE via inherited options.filename

deepstream is vulnerable to prototype pollution

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can lo...

i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names

i18next-fs-backend: Prototype pollution via crafted missing-key string

RubyLouvre avalon Template Filter index.js prototype pollution

jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution

Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass

Axios: DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions

Axios: Credential Theft and Response Hijacking via Prototype Pollution Gadget in Config Merge

Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names

Prototype pollution in form-data-objectizer via bracket-notation form keys

deepobj: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

Velocity.js: Prototype Pollution in #set path assignment

Prototype pollution in csv parsing

Versions of the package jsondiffpatch before 0