Severity: Critical
CVSS Score: 6.5
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.