underscore
Ecosystem:
npm
npm
Package URL:
pkg:npm/underscore
Total PRs:
644 Dependabot PRs
644 Dependabot PRs
Latest PR:
9 days ago
9 days ago
Unique Repositories:
460 repositories
460 repositories
Unique Repos (30 days):
21 repositories
21 repositories
Security Advisories
Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
GHSA-qpx9-hpmf-5gmw
CVE-2026-27601
HIGH
published 3 months ago
• updated 5 days ago
### Impact
In simple words, some programs that use `_.flatten` or `_.isEqual` could be made to crash. Someone who wants to do harm may be able to ...
Arbitrary Code Execution in underscore
GHSA-cf4h-3jhx-xvhq
CVE-2021-23358
CRITICAL
published about 5 years ago
• updated 7 days ago
The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the templat...
Recent PRs (filtered by: Removal PRs )
build(deps): bump underscore and @kubernetes/client-node in /components/centraldashboard-angular/backend
kubeflow/dashboard #231
removed
Removal PR
Open
3 months ago
1 comment
chore(deps): bump underscore and bfj in /met-web
bcgov/met-public #2762
removed
Removal PR
Closed
3 months ago
3 comments
Bump underscore and web3
scedar/kickstart-ethereum-app #15
removed
Removal PR
Closed
6 months ago
1 comment
build(deps): bump underscore and highlight.js
slievrly/fescar-group.github.io #12
removed
Removal PR
Open
8 months ago
Package Details
| Name: | underscore |
| Ecosystem: | npm |
| PURL Type: | npm |
| Package URL: | pkg:npm/underscore |
| JSON API: | View JSON |
Security Advisories
Package Information
Description:
JavaScript's functional programming helper library.
| Repository: | https://github.com/jashkenas/underscore |
| Homepage: | https://underscorejs.org |
| Latest Release: |
1.13.7
almost 2 years ago |
| Dependent Repos: | 738,210 |
| Dependent Packages: | 25,330 |
| Downloads: | 62,844,288 |
| Ranking: | Top 0.042% by dependent repos Top 0.0307% by downloads Top 0.0044% by dependent pkgs |