GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
338 advisories
Filter by severity
Prototype pollution in grpc and @grpc/grpc-js
High
CVE-2020-7768
was published
for
@grpc/grpc-js
(npm)
May 10, 2021
Prototype Pollution in property-expr
Critical
CVE-2020-7707
was published
for
property-expr
(npm)
May 6, 2021
Prototype Pollution in express-fileupload
Critical
CVE-2020-7699
was published
for
express-fileupload
(npm)
Aug 5, 2020
assign-deep Vulnerable to Prototype Pollution
High
CVE-2019-10745
was published
for
assign-deep
(npm)
Aug 21, 2019
Prototype Pollution in nis-utils
Critical
CVE-2020-7703
was published
for
nis-utils
(npm)
May 6, 2021
Prototype Pollution in madlib-object-utils
Critical
CVE-2020-7701
was published
for
madlib-object-utils
(npm)
May 6, 2021
Prototype pollution in class-transformer
Moderate
CVE-2020-7637
was published
for
class-transformer
(npm)
Apr 7, 2020
Prototype pollution in multi-ini
Moderate
CVE-2020-28460
was published
for
multi-ini
(npm)
Apr 13, 2021
Prototype Pollution in arr-flatten-unflatten
Critical
CVE-2020-7713
was published
for
arr-flatten-unflatten
(npm)
May 6, 2021
Prototype Pollution in connie-lang
Critical
CVE-2020-7706
was published
for
connie-lang
(npm)
May 6, 2021
confinit vulnerable to prototype pollution
Moderate
CVE-2020-7638
was published
for
confinit
(npm)
Apr 7, 2020
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware
Moderate
CVE-2020-7616
was published
for
express-mock-middleware
(npm)
Dec 9, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
Moderate
CVE-2020-7600
was published
for
querymen
(npm)
May 7, 2021
Uncontrolled Resource Consumption in fun-map
High
CVE-2020-7644
was published
for
fun-map
(npm)
Dec 10, 2021
Prototype Pollution in cookiex/deep
High
CVE-2021-23442
was published
for
@cookiex/deep
(npm)
Sep 20, 2021
Prototype Pollution in open-graph
Moderate
CVE-2021-23419
was published
for
open-graph
(npm)
Sep 1, 2021
Prototype Pollution in safetydance
High
CVE-2020-7737
was published
for
safetydance
(npm)
Feb 10, 2022
Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify
High
CVE-2019-10808
was published
for
utilitify
(npm)
May 7, 2021
ProTip!
Advisories are also available from the
GraphQL API