ramda / ramda

:ram: Practical functional Javascript

Home Page: https://ramdajs.com

Black Duck Error Report BDSA-2021-4505 RCE in mapObjIndexed

SenthilManickavel opened this issue · comments

Black Duck Vulnerability report

Ramda is vulnerable to a prototype pollution attack due to insufficient protections in the source/mapObjIndexed.js. A remote attacker may be able to execute arbitrary code, or cause a denial-of-service (DoS) by tricking the application into modifying or adding properties of Object.prototype.

Note: The vendor questions the validity of this vulnerability and has raised a dispute with MITRE here.
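When a scanner reports prototype pollution against an object-mapping helper, the first triage step is to reproduce the claimed effect rather than take the description at face value. The following is an added example, not Ramda's source and not part of the issue report: `mapObjIndexedLike` is a constructed stand-in with the same call contract as `mapObjIndexed` (the callback receives `(value, key, obj)` and a new object is returned), and the probe functions feed it payloads under the keys that pollution attempts typically use (`__proto__`, `constructor`, `prototype`) and check whether `Object.prototype` actually changed. A second variant, `mapObjIndexedHardened`, shows the narrower effect a key-by-key copy can have (the result object's own prototype being swapped by a `__proto__` key) and how defining the key as an own property avoids it.

```javascript
// Added example (not Ramda's code): triage checks for a prototype-pollution
// claim against an object-mapping helper.

// Constructed stand-in with mapObjIndexed's contract: callback gets
// (value, key, obj); a fresh object with the same keys is returned.
function mapObjIndexedLike(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    out[key] = fn(obj[key], key, obj);
  }
  return out;
}

// Hardened variant: define each key as an own data property so that a
// "__proto__" key cannot replace the result object's prototype.
function mapObjIndexedHardened(fn, obj) {
  const out = {};
  for (const key of Object.keys(obj)) {
    Object.defineProperty(out, key, {
      value: fn(obj[key], key, obj),
      enumerable: true,
      writable: true,
      configurable: true,
    });
  }
  return out;
}

// Keys commonly carried by pollution payloads.
const DANGEROUS_KEYS = ['__proto__', 'constructor', 'prototype'];

// Constructed payload: JSON.parse yields an *own* property for the key,
// which is how attacker-controlled JSON would reach the helper.
function buildPayload(key) {
  return JSON.parse(`{"${key}": {"polluted": "yes"}, "a": 1}`);
}

// Run the mapper over each payload and report whether Object.prototype
// gained the marker property. Returns { key: { polluted, threw } }.
function probeGlobalPollution(mapper) {
  const results = {};
  for (const key of DANGEROUS_KEYS) {
    const input = buildPayload(key);
    let threw = false;
    try {
      mapper((v) => v, input);
    } catch (e) {
      threw = true;
    }
    // A fresh object literal inherits from Object.prototype; any marker
    // visible here means the global prototype was modified.
    const polluted = ({}).polluted !== undefined;
    delete Object.prototype.polluted; // clean up so later checks start clean
    results[key] = { polluted, threw };
  }
  return results;
}

// Narrower check: does a "__proto__" key swap the *result object's* prototype?
// That does not touch Object.prototype, but it does make the returned object
// inherit attacker-chosen properties.
function prototypeSwapped(mapper) {
  const input = JSON.parse('{"__proto__": {"marker": 1}}');
  const out = mapper((v) => v, input);
  return Object.getPrototypeOf(out) !== Object.prototype;
}

// Stand-alone run: print the triage results for both variants.
for (const [name, mapper] of [
  ['mapObjIndexedLike', mapObjIndexedLike],
  ['mapObjIndexedHardened', mapObjIndexedHardened],
]) {
  console.log(name, 'global pollution:', JSON.stringify(probeGlobalPollution(mapper)));
  console.log(name, 'result prototype swapped:', prototypeSwapped(mapper));
}
```

Running this shows that a plain key-by-key copy does not modify `Object.prototype` for any of the three keys; what it can do is hand back an object whose prototype is the attacker's `__proto__` value, which the `defineProperty` variant prevents. To apply the same check to the real library, swap the stand-in for `R.mapObjIndexed` from an installed Ramda and compare the two probes' output against the report's claim.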