Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
merge vulnerable to Prototype Pollution Critical
CVE-2021-3645 was published for @viking04/merge (npm) Sep 13, 2021
Prototype Pollution in deep.assign Critical
CVE-2021-40663 was published for deep.assign (npm) Jul 1, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
Properties-Reader before v2.2.0 vulnerable to prototype pollution Critical
CVE-2020-28471 was published for properties-reader (npm) Jul 19, 2022
steal vulnerable to Prototype Pollution via optionName variable Critical
CVE-2022-37264 was published for steal (npm) Sep 16, 2022
TypeORM vulnerable to MAID and Prototype Pollution Critical
CVE-2020-8158 was published for typeorm (npm) May 7, 2021
steal vulnerable to Prototype Pollution via requestedVersion variable Critical
CVE-2022-37257 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js Critical
CVE-2022-37266 was published for steal (npm) Sep 16, 2022
linux-cmdline is vulnerable to Prototype Pollution via the constructor Critical
CVE-2020-7704 was published for linux-cmdline (npm) May 24, 2022
steal vulnerable to Prototype Pollution Critical
CVE-2022-37258 was published for steal (npm) Sep 17, 2022
steal vulnerable to Prototype Pollution via alias variable Critical
CVE-2022-37265 was published for steal (npm) Sep 21, 2022
Prototype pollution in set-in Critical
CVE-2020-28273 was published for set-in (npm) Mar 19, 2021
Prototype Pollution Vulnerability in object-collider Critical
CVE-2021-25914 was published for object-collider (npm) Mar 19, 2021
Prototype Pollution in multi-ini Critical
CVE-2020-28448 was published for multi-ini (npm) Apr 13, 2021
Prototype pollution in set-object-value Critical
CVE-2020-28281 was published for set-object-value (npm) Apr 13, 2021
Prototype Pollution in doc-path Critical
CVE-2020-7772 was published for doc-path (npm) May 10, 2021
Prototype Pollution in set-or-get Critical
CVE-2021-25913 was published for set-or-get (npm) Apr 12, 2021
Prototype pollution in json8 Critical
CVE-2020-7770 was published for json8 (npm) May 10, 2021
Prototype Pollution in node-oojs Critical
CVE-2020-7721 was published for node-oojs (npm) May 6, 2021
Prototype Pollution in phpjs Critical
CVE-2020-7700 was published for phpjs (npm) May 6, 2021
Prototype Pollution in dot-notes Critical
CVE-2020-7717 was published for dot-notes (npm) May 6, 2021
Prototype Pollution in promisehelpers Critical
CVE-2020-7723 was published for promisehelpers (npm) May 6, 2021
Prototype Pollution in tiny-conf Critical
CVE-2020-7724 was published for tiny-conf (npm) May 10, 2021
Prototype Pollution in worksmith Critical
CVE-2020-7725 was published for worksmith (npm) May 6, 2021
Prototype Pollution in gedi Critical
CVE-2020-7727 was published for gedi (npm) May 6, 2021
ProTip! Advisories are also available from the GraphQL API