Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

338 advisories

Loading
Prototype Pollution in templ8 Critical
CVE-2020-7702 was published for templ8 (npm) May 6, 2021
Prototype pollution in grpc and @grpc/grpc-js High
CVE-2020-7768 was published for @grpc/grpc-js (npm) May 10, 2021
Prototype pollution in chart.js High
CVE-2020-7746 was published for chart.js (npm) May 10, 2021
Prototype Pollution in property-expr Critical
CVE-2020-7707 was published for property-expr (npm) May 6, 2021
Prototype Pollution in express-fileupload Critical
CVE-2020-7699 was published for express-fileupload (npm) Aug 5, 2020
assign-deep Vulnerable to Prototype Pollution High
CVE-2019-10745 was published for assign-deep (npm) Aug 21, 2019
Prototype Pollution in x-assign High
CVE-2021-23452 was published for x-assign (npm) Oct 21, 2021
Prototype Pollution in nis-utils Critical
CVE-2020-7703 was published for nis-utils (npm) May 6, 2021
Prototype Pollution in madlib-object-utils Critical
CVE-2020-7701 was published for madlib-object-utils (npm) May 6, 2021
Prototype pollution in class-transformer Moderate
CVE-2020-7637 was published for class-transformer (npm) Apr 7, 2020
Prototype pollution in multi-ini Moderate
CVE-2020-28460 was published for multi-ini (npm) Apr 13, 2021
Prototype Pollution in arr-flatten-unflatten Critical
CVE-2020-7713 was published for arr-flatten-unflatten (npm) May 6, 2021
Prototype Pollution in connie-lang Critical
CVE-2020-7706 was published for connie-lang (npm) May 6, 2021
confinit vulnerable to prototype pollution Moderate
CVE-2020-7638 was published for confinit (npm) Apr 7, 2020
Prototype Pollution in sds Moderate
CVE-2020-7618 was published for sds (npm) Sep 3, 2020
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware Moderate
CVE-2020-7616 was published for express-mock-middleware (npm) Dec 9, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen Moderate
CVE-2020-7600 was published for querymen (npm) May 7, 2021
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
Prototype Pollution in bmoor High
CVE-2020-7736 was published for bmoor (npm) May 10, 2021
Prototype Pollution in angular High
CVE-2019-10768 was published for angular (npm) Nov 20, 2019
Uncontrolled Resource Consumption in fun-map High
CVE-2020-7644 was published for fun-map (npm) Dec 10, 2021
Prototype Pollution in cookiex/deep High
CVE-2021-23442 was published for @cookiex/deep (npm) Sep 20, 2021
Prototype Pollution in open-graph Moderate
CVE-2021-23419 was published for open-graph (npm) Sep 1, 2021
Prototype Pollution in safetydance High
CVE-2020-7737 was published for safetydance (npm) Feb 10, 2022
Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify High
CVE-2019-10808 was published for utilitify (npm) May 7, 2021
ProTip! Advisories are also available from the GraphQL API