lodash.unset (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package lodash.unset, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2026-2950 — CVSS 6.5 (medium): Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for…
CVE-2025-13465 — CVSS 5.3 (medium): Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass…