Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Prototype Pollution in promisehelpers Critical
CVE-2020-7723 was published for promisehelpers (npm) May 6, 2021
Prototype Pollution in gammautils Critical
CVE-2020-7718 was published for gammautils (npm) May 6, 2021
Prototype Pollution in nodee-utils Critical
CVE-2020-7722 was published for nodee-utils (npm) May 6, 2021
Prototype Pollution in worksmith Critical
CVE-2020-7725 was published for worksmith (npm) May 6, 2021
Prototype Pollution in safe-object2 Critical
CVE-2020-7726 was published for safe-object2 (npm) May 6, 2021
TypeORM vulnerable to MAID and Prototype Pollution Critical
CVE-2020-8158 was published for typeorm (npm) May 7, 2021
Prototype Pollution in swiper Critical
CVE-2021-23370 was published for swiper (npm) May 10, 2021
Prototype Pollution in tiny-conf Critical
CVE-2020-7724 was published for tiny-conf (npm) May 10, 2021
Prototype pollution in json8 Critical
CVE-2020-7770 was published for json8 (npm) May 10, 2021
Prototype Pollution in doc-path Critical
CVE-2020-7772 was published for doc-path (npm) May 10, 2021
Prototype Pollution in deep-override Critical
CVE-2021-25941 was published for deep-override (npm) May 17, 2021
Prototype pollution in 101 Critical
CVE-2021-25943 was published for 101 (npm) May 17, 2021
Prototype pollution in nestie Critical
CVE-2021-25947 was published for nestie (npm) Jun 7, 2021
Prototype pollution in Merge-deep Critical
CVE-2021-26707 was published for merge-deep (npm) Jun 7, 2021
Prototype pollution in nconf-toml Critical
CVE-2021-25946 was published for nconf-toml (npm) Jun 7, 2021
Prototype pollution vulnerability in js-extend Critical
CVE-2021-25945 was published for js-extend (npm) Jun 8, 2021
Prototype Pollution Critical
CVE-2021-25948 was published for expand-hash (npm) Jun 21, 2021
set-getter Prototype Pollution Vulnerability Critical
CVE-2021-25949 was published for set-getter (npm) Jun 21, 2021
Prototype pollution in safe-obj Critical
CVE-2021-25928 was published for safe-obj (npm) Jun 21, 2021
Prototype pollution in safe-flat Critical
CVE-2021-25927 was published for safe-flat (npm) Jun 21, 2021
Prototype Pollution in immer Critical
CVE-2021-23436 was published for immer (npm) Sep 2, 2021
levpachmanov
objection.js Prototype Pollution vulnerability Critical
CVE-2021-3766 was published for objection (npm) Sep 7, 2021
merge vulnerable to Prototype Pollution Critical
CVE-2021-3645 was published for @viking04/merge (npm) Sep 13, 2021
Prototype Pollution in deephas Critical
CVE-2020-28271 was published for deephas (npm) Sep 24, 2021
Prototype pollution in aurelia-path Critical
CVE-2021-41097 was published for aurelia-path (npm) Sep 27, 2021
msrkp
ProTip! Advisories are also available from the GraphQL API