The package grpc prior to 1.24.4; the package @grpc/grpc-js prior to 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
grpc grpc