ts-deepmerge
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ts-deepmergepage 1 of 1
- CVE-2022-25907HIGHCVSS 7.5EG 7.5✓ Fixed in 2.0.22022-08-09
The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.
- CVE-2026-12644MEDIUMCVSS 5.3EG 5.3✓ Fixed in 8.0.02026-06-19
Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-f…
Check whether ts-deepmerge is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ts-deepmerge CVEs against the assets you own.
Start Free Scan →