Severity: Critical
CVSS Score: 8.2
All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.