diff --git a/CHANGES.md b/CHANGES.md
index 7dde7b4582..34a5e311b3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,12 @@
+## Version 10.1.2
+
+Fixes:
+
+- fix(night) Prevent object prototype values from being returned by `getLanguage` (#2636) [night][]
+
+[night]: https://github.com/night
+
+
 ## Version 10.1.1
 Fixes:
diff --git a/src/highlight.js b/src/highlight.js
index 4f98f38ea5..b16efe83a0 100644
--- a/src/highlight.js
+++ b/src/highlight.js
@@ -29,9 +29,9 @@ const HLJS = function(hljs) {
 // Global internal variables used within the highlight.js library.
 /** @type {Record} */
- var languages = {};
+ var languages = Object.create(null);
 /** @type {Record} */
- var aliases = {};
+ var aliases = Object.create(null);
 /** @type {HLJSPlugin[]} */
 var plugins = [];
diff --git a/test/api/getLanguage.js b/test/api/getLanguage.js
index d2654a4f63..ae14ebb92e 100644
--- a/test/api/getLanguage.js
+++ b/test/api/getLanguage.js
@@ -41,4 +41,16 @@ describe('.getLanguage()', () => {
 result.should.have.property('aliases').with.containEql('cs');
 should.strictEqual(result, hljs.getLanguage('csharp'))
 });
+
+ it('should not succeed for constructor', () => {
+ const result = hljs.getLanguage('constructor');
+
+ should.strictEqual(result, undefined);
+ });
+
+ it('should not succeed for __proto__', () => {
+ const result = hljs.getLanguage('__proto__');
+
+ should.strictEqual(result, undefined);
+ });
 });
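Review bot: In src/highlight.js the two new `Object.create(null)` initialisers for `languages` and `aliases` carry no comment saying why a plain `{}` is wrong here, so a later cleanup could quietly restore the inherited-property lookup this commit removes. I would add above them `// Null-prototype maps: a name such as "constructor" or "__proto__" must never resolve to an Object.prototype member.` Because these objects no longer inherit `hasOwnProperty`, `toString` and the like, any code outside this hunk that calls such a method directly on `languages` or `aliases` would now throw, which is worth a quick search since the rest of the `HLJS` function is not visible here. If language names can be derived from untrusted input, which the visible lines do not show, the comment should name that as the reason the lookup is security-relevant.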
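Review bot: In test/api/getLanguage.js the two added cases pin only `constructor` and `__proto__`, and only through `getLanguage`; the `aliases` map changed in the same commit and the remaining inherited names are not exercised. A loop keeps the regression guard from depending on a hand-picked list: `for (const name of Object.getOwnPropertyNames(Object.prototype)) should.strictEqual(hljs.getLanguage(name), undefined);`. If other API entry points accept a caller-supplied language name (none are visible in this hunk), a case asserting that they reject an unregistered name such as `constructor` would cover the path the fix is meant to protect. The `describe` block opens above the hunk.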