Every CVE whose affected-product data names Set-in Project Set-in, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-28273 — CVSS 9.8 (critical): Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to…
CVE-2026-26021 — CVSS 9.8 (critical): set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the…
CVE-2022-25354 — CVSS 8.6 (high): The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object…