Underscorejs Underscore

2 CVEs affecting Underscorejs Underscore. Latest disclosed: 2026-03-03. Critical: 0, High: 0.

Top CVEs affecting Underscorejs Underscore
CVESeverityScorePublishedSummary
CVE-2026-27601Medium5.92026-03-03Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very…
CVE-2021-23358Low3.32021-03-29The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, pa…