Package impact
npm / underscore
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27601 | medium | 5.9 | 5.9 | 3mo ago | Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack | |||
| CVE-2021-23358 | unknown | — | — | 5y ago | The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is p… |