All 9 CVE vulnerabilities found in Lodash, with AI-generated Chinese analysis, references, and POCs.
Vendor: HackerOne
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-4800 | lodash vulnerable to Code Injection via `_.template` imports key names CWE-94 | 8.1 | High | 2026-03-31 |
| CVE-2026-2950 | lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` CWE-1321 | 6.5 | Medium | 2026-03-31 |
| CVE-2025-13465 | Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions CWE-1321 | 9.1AI | CriticalAI | 2026-01-21 |
| CVE-2021-23337 | Command Injection | 7.2 | High | 2021-02-15 |
| CVE-2020-28500 | Regular Expression Denial of Service (ReDoS) | 5.3 | Medium | 2021-02-15 |
| CVE-2020-8203 | lodash 输入验证错误漏洞 CWE-770 | 8.1 | - | 2020-07-15 |
| CVE-2019-10744 | lodash 安全漏洞 | 8.2 | - | 2019-07-25 |
| CVE-2019-1010266 | lodash 资源管理错误漏洞 CWE-400 | 7.5 | - | 2019-07-17 |
| CVE-2018-16487 | lodash 资源管理错误漏洞 CWE-400 | 6.5 | - | 2019-02-01 |
All 9 known CVE vulnerabilities affecting Lodash with full Chinese analysis, references, and POCs where available.