lodash
Security Risk Profile
56
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 10 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from February 15, 2018 to present
10
Total CVEs
4
Critical+High
0
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
7.1
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
56/100
medium
Severity Distribution
Critical
2High
2Medium
6Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
1Age Distribution
Common Weaknesses (CWE)
1
Input Validation
3
2
Code Injection
2
3
OS Command Injection
1
4
Command Injection
1
Most Affected Products
1. IBM Business Automation Insights18
2. npm/lodash12
3. Oracle Primavera Gateway12
4. Oracle Banking Extensibility Workbench11
5. Lodash Lodash Node.js10
Recent Vulnerabilities
See more →CVE-2026-4800
CVSS 9.8EPSS 0%critical
lodash vulnerable to Code Injection via `_.template` imports key names
3/31/2026
CVE-2026-2950
CVSS 6.5medium
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
3/31/2026
CVE-2025-13465
CVSS 6.9medium
Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions
1/21/2026
CVE-2021-23337
CVSS 7.2high
Command Injection
2/15/2021
CVE-2020-28500
CVSS 5.3medium
Regular Expression Denial of Service (ReDoS)
2/15/2021
CVE-2020-8203
CVSS 7.4high
4/27/2020
CVE-2019-1010266
CVSS 6.5medium
7/17/2019
CVE-2019-10744
CVSS 9.1critical
7/10/2019
CVE-2018-16487
CVSS 5.6medium
2/1/2019
CVE-2018-3721
CVSS 6.5medium
2/15/2018
Monitor lodash in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.