[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-44906":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":116,"duplicate_of":9,"upstream":118,"downstream":119,"duplicates":172,"related":173,"reserved_at":9,"published_at":183,"modified_at":184,"state":185,"summary":186,"references_raw":194,"kevs":266,"epss":267,"epss_history":270,"metrics":528,"affected":539},"CVE-2021-44906","Minimist \u003C=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],[94,103,108],{"_key":95,"name":96,"source":97,"url":98,"maturity":99,"reliability_score":100,"verified":101,"type":9,"platforms":102,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_MARYNK_JAVASCRIPT-VULNERABILITY-DETECTION","Javascript Vulnerability Detection","github","https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip","poc",0.3,false,[],{"_key":104,"name":105,"source":97,"url":106,"maturity":99,"reliability_score":100,"verified":101,"type":9,"platforms":107,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_SUBSTACK_MINIMIST","Minimist","https://github.com/substack/minimist/blob/master/index.js#L69",[],{"_key":109,"name":110,"source":111,"url":112,"maturity":113,"reliability_score":114,"verified":101,"type":9,"platforms":115,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_9633CE21A4F715BC","Exploit Reference (snyk.io)","reference","https://snyk.io/vuln/SNYK-JS-MINIMIST-559764","unknown",0.2,[],[117],"GHSA-xvch-5gv4-984h",[],[120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170],{"_key":121},"SUSE-SU-2022:1461-1",{"_key":123},"SUSE-SU-2022:1459-1",{"_key":125},"SUSE-SU-2022:1466-1",{"_key":127},"SUSE-SU-2022:2144-1",{"_key":129},"SUSE-SU-2022:2146-1",{"_key":131},"SUSE-SU-2022:1462-1",{"_key":133},"SUSE-SU-2022:1694-1",{"_key":135},"SUSE-SU-2022:1717-1",{"_key":137},"MGASA-2023-0035",{"_key":139},"DEBIAN-CVE-2021-44906",{"_key":141},"UBUNTU-CVE-2021-44906",{"_key":143},"RHSA-2022:4914",{"_key":145},"RHSA-2022:5892",{"_key":147},"RHSA-2022:5893",{"_key":149},"RHSA-2022:5894",{"_key":151},"RHSA-2022:7044",{"_key":153},"RHSA-2022:9073",{"_key":155},"RHSA-2023:0050",{"_key":157},"RHSA-2023:0321",{"_key":159},"RHSA-2023:0612",{"_key":161},"RHSA-2023:1043",{"_key":163},"RHSA-2023:1044",{"_key":165},"RHSA-2023:1045",{"_key":167},"RHSA-2025:1747",{"_key":169},"RHSA-2023:1533",{"_key":171},"RHSA-2023:1742",[],[174,175,176,177,178,179,180,181,182],{"_key":121},{"_key":123},{"_key":125},{"_key":127},{"_key":129},{"_key":131},{"_key":133},{"_key":135},{"_key":137},"2022-03-17T13:05:57.000Z","2024-08-04T04:32:13.585Z","Modified",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":187,"epss_score":188,"severity":189,"severity_score":190,"severity_version":191,"severity_source":192,"severity_vector":193,"severity_status":185},"low",0.00789,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[195,205,208,211,216,220,224,229,233,237,241,245,249,253,257,262],{"url":112,"sources":196,"tags":199},[197,192,198],"cve.org","osv_npm",[200,201,202,203,204],"Exploit","Not Applicable","Patch","Third Party Advisory","WEB",{"url":98,"sources":206,"tags":207},[197,192,198],[200,203,204],{"url":106,"sources":209,"tags":210},[197,192,198],[200,203,204],{"url":212,"sources":213,"tags":214},"https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068",[197,192,198],[215,203,204],"Issue Tracking",{"url":217,"sources":218,"tags":219},"https://github.com/substack/minimist/issues/164",[197,192,198],[200,215,202,203,204],{"url":221,"sources":222,"tags":223},"https://security.netapp.com/advisory/ntap-20240621-0006/",[197,192],[],{"url":225,"sources":226,"tags":227},"https://nvd.nist.gov/vuln/detail/CVE-2021-44906",[198],[228],"Advisory",{"url":230,"sources":231,"tags":232},"https://github.com/minimistjs/minimist/issues/11",[198],[204],{"url":234,"sources":235,"tags":236},"https://github.com/minimistjs/minimist/pull/24",[198],[204],{"url":238,"sources":239,"tags":240},"https://github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703",[198],[204],{"url":242,"sources":243,"tags":244},"https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb",[198],[204],{"url":246,"sources":247,"tags":248},"https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d",[198],[204],{"url":250,"sources":251,"tags":252},"https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11",[198],[204],{"url":254,"sources":255,"tags":256},"https://github.com/minimistjs/minimist/commits/v0.2.4",[198],[204],{"url":258,"sources":259,"tags":260},"https://github.com/substack/minimist",[198],[261],"PACKAGE",{"url":263,"sources":264,"tags":265},"https://security.netapp.com/advisory/ntap-20240621-0006",[198],[204],[],{"date":268,"score":188,"percentile":269},"2026-06-04",0.74219,[271,275,278,280,283,286,288,291,294,296,299,302,305,307,310,314,317,320,323,326,329,331,334,337,339,342,344,346,350,353,356,359,361,364,366,368,371,374,377,380,383,386,389,392,395,398,401,404,407,409,412,415,418,421,424,427,430,433,436,439,442,445,448,451,454,457,460,463,466,469,471,474,476,479,482,485,488,491,494,497,499,503,506,509,512,515,517,520,523,525],{"date":272,"score":273,"percentile":274},"2025-11-04",0.00882,0.74651,{"date":276,"score":273,"percentile":277},"2025-11-05",0.74641,{"date":279,"score":273,"percentile":277},"2025-11-06",{"date":281,"score":273,"percentile":282},"2025-11-07",0.74657,{"date":284,"score":273,"percentile":285},"2025-11-08",0.74656,{"date":287,"score":273,"percentile":274},"2025-11-09",{"date":289,"score":273,"percentile":290},"2025-11-10",0.74637,{"date":292,"score":273,"percentile":293},"2025-11-11",0.74638,{"date":295,"score":273,"percentile":282},"2025-11-12",{"date":297,"score":273,"percentile":298},"2025-11-13",0.74664,{"date":300,"score":273,"percentile":301},"2025-11-14",0.74669,{"date":303,"score":273,"percentile":304},"2025-11-15",0.74665,{"date":306,"score":273,"percentile":298},"2025-11-16",{"date":308,"score":273,"percentile":309},"2025-11-17",0.74654,{"date":311,"score":312,"percentile":313},"2025-11-18",0.0152,0.79663,{"date":315,"score":312,"percentile":316},"2025-11-19",0.79668,{"date":318,"score":312,"percentile":319},"2025-11-20",0.79674,{"date":321,"score":273,"percentile":322},"2025-11-21",0.74679,{"date":324,"score":273,"percentile":325},"2025-11-22",0.74672,{"date":327,"score":273,"percentile":328},"2025-11-23",0.74658,{"date":330,"score":273,"percentile":309},"2025-11-24",{"date":332,"score":273,"percentile":333},"2025-11-25",0.74655,{"date":335,"score":273,"percentile":336},"2025-11-26",0.74662,{"date":338,"score":273,"percentile":298},"2025-11-27",{"date":340,"score":273,"percentile":341},"2025-11-28",0.74652,{"date":343,"score":273,"percentile":274},"2025-11-29",{"date":345,"score":273,"percentile":274},"2025-11-30",{"date":347,"score":348,"percentile":349},"2025-12-01",0.00809,0.73579,{"date":351,"score":348,"percentile":352},"2025-12-02",0.73585,{"date":354,"score":348,"percentile":355},"2025-12-03",0.73586,{"date":357,"score":273,"percentile":358},"2025-12-04",0.74648,{"date":360,"score":273,"percentile":328},"2025-12-05",{"date":362,"score":273,"percentile":363},"2025-12-06",0.74661,{"date":365,"score":273,"percentile":328},"2025-12-07",{"date":367,"score":273,"percentile":363},"2025-12-08",{"date":369,"score":273,"percentile":370},"2025-12-09",0.74692,{"date":372,"score":273,"percentile":373},"2025-12-10",0.74718,{"date":375,"score":273,"percentile":376},"2025-12-11",0.74733,{"date":378,"score":273,"percentile":379},"2025-12-12",0.74756,{"date":381,"score":273,"percentile":382},"2025-12-13",0.74765,{"date":384,"score":273,"percentile":385},"2025-12-14",0.74762,{"date":387,"score":273,"percentile":388},"2025-12-15",0.74764,{"date":390,"score":273,"percentile":391},"2025-12-16",0.74777,{"date":393,"score":273,"percentile":394},"2025-12-17",0.74787,{"date":396,"score":273,"percentile":397},"2025-12-18",0.74809,{"date":399,"score":273,"percentile":400},"2025-12-19",0.74826,{"date":402,"score":273,"percentile":403},"2025-12-20",0.74821,{"date":405,"score":273,"percentile":406},"2025-12-21",0.74814,{"date":408,"score":273,"percentile":406},"2025-12-22",{"date":410,"score":273,"percentile":411},"2025-12-23",0.7481,{"date":413,"score":273,"percentile":414},"2025-12-24",0.74819,{"date":416,"score":273,"percentile":417},"2025-12-25",0.74845,{"date":419,"score":273,"percentile":420},"2025-12-26",0.74842,{"date":422,"score":273,"percentile":423},"2025-12-27",0.7489,{"date":425,"score":273,"percentile":426},"2025-12-28",0.74823,{"date":428,"score":273,"percentile":429},"2025-12-29",0.7482,{"date":431,"score":273,"percentile":432},"2025-12-30",0.74835,{"date":434,"score":273,"percentile":435},"2025-12-31",0.74855,{"date":437,"score":348,"percentile":438},"2026-01-01",0.73815,{"date":440,"score":348,"percentile":441},"2026-01-02",0.73817,{"date":443,"score":348,"percentile":444},"2026-01-03",0.73816,{"date":446,"score":273,"percentile":447},"2026-01-04",0.74866,{"date":449,"score":273,"percentile":450},"2026-01-05",0.74859,{"date":452,"score":273,"percentile":453},"2026-01-06",0.74873,{"date":455,"score":273,"percentile":456},"2026-01-07",0.74883,{"date":458,"score":273,"percentile":459},"2026-01-08",0.74896,{"date":461,"score":273,"percentile":462},"2026-01-09",0.749,{"date":464,"score":273,"percentile":465},"2026-01-10",0.74899,{"date":467,"score":273,"percentile":468},"2026-01-11",0.74886,{"date":470,"score":273,"percentile":453},"2026-01-12",{"date":472,"score":273,"percentile":473},"2026-01-13",0.74872,{"date":475,"score":273,"percentile":465},"2026-01-14",{"date":477,"score":273,"percentile":478},"2026-01-15",0.74907,{"date":480,"score":273,"percentile":481},"2026-01-16",0.74921,{"date":483,"score":273,"percentile":484},"2026-01-17",0.7492,{"date":486,"score":273,"percentile":487},"2026-01-18",0.74902,{"date":489,"score":273,"percentile":490},"2026-01-19",0.74893,{"date":492,"score":273,"percentile":493},"2026-01-20",0.74897,{"date":495,"score":273,"percentile":496},"2026-01-21",0.74903,{"date":498,"score":273,"percentile":478},"2026-01-22",{"date":500,"score":501,"percentile":502},"2026-01-23",0.00883,0.74952,{"date":504,"score":501,"percentile":505},"2026-01-24",0.7496,{"date":507,"score":501,"percentile":508},"2026-01-25",0.74945,{"date":510,"score":501,"percentile":511},"2026-01-26",0.74944,{"date":513,"score":501,"percentile":514},"2026-01-27",0.74953,{"date":516,"score":501,"percentile":505},"2026-01-28",{"date":518,"score":501,"percentile":519},"2026-01-29",0.74956,{"date":521,"score":501,"percentile":522},"2026-01-30",0.74958,{"date":524,"score":501,"percentile":505},"2026-01-31",{"date":526,"score":348,"percentile":527},"2026-02-01",0.73892,[529,537],{"source":192,"cvss_v2_0":530,"cvss_v3_0":9,"cvss_v3_1":535,"cvss_v4_0":9},{"baseScore":531,"baseSeverity":9,"vectorString":532,"impactScore":533,"exploitabilityScore":534},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":190,"baseSeverity":536,"vectorString":193,"impactScore":190,"exploitabilityScore":534},"CRITICAL",{"source":198,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":538,"cvss_v4_0":9},{"baseScore":190,"baseSeverity":9,"vectorString":193,"impactScore":190,"exploitabilityScore":534},[540,556],{"ecosystem":541,"name":542,"vendor":541,"product":542,"cpe_part":9,"purl_type":543,"purl_namespace":9,"purl_name":542,"source":9,"versions":544},"Npm","minimist","npm",[545,553],{"version":546,"is_range":547,"range_type":548,"version_start":549,"version_start_type":550,"version_end":551,"version_end_type":552,"fixed_in":9},"gte1_0_0_lt1_2_6",true,"semver","1.0.0","including","1.2.6","excluding",{"version":554,"is_range":547,"range_type":548,"version_start":9,"version_start_type":9,"version_end":555,"version_end_type":552,"fixed_in":9},"lt0_2_4","0.2.4",{"ecosystem":9,"name":542,"vendor":557,"product":542,"cpe_part":558,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":559},"substack","a",[560],{"version":561,"is_range":547,"range_type":562,"version_start":9,"version_start_type":9,"version_end":551,"version_end_type":552,"fixed_in":9},"lt1.2.6","cpe"]