Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

147 advisories

Loading
Prototype Pollution in ts-nodash High
CVE-2021-23403 was published for ts-nodash (npm) Dec 10, 2021
Prototype pollution in supermixer High
CVE-2020-24939 was published for supermixer (npm) Dec 10, 2021
Prototype Pollution in deepmerge-ts High
CVE-2022-24802 was published for deepmerge-ts (npm) Apr 1, 2022
Prototype Pollution in fullpage.js High
CVE-2022-1295 was published for fullpage.js (npm) Apr 12, 2022
Prototype Pollution in nconf High
CVE-2022-21803 was published for nconf (npm) Apr 13, 2022
Prototype Pollution in madlib-object-utils High
CVE-2022-24279 was published for madlib-object-utils (npm) Apr 16, 2022
Prototype Pollution in convict High
CVE-2022-22143 was published for convict (npm) Apr 20, 2022
cristianstaicu arjunshibu
Prototype pollution in dojo High
CVE-2020-5258 was published for dojo (npm) Mar 10, 2020
Prototype pollution in @strikeentco/set High
CVE-2020-28267 was published for @strikeentco/set (npm) May 24, 2022
jhutchings1
Prototype Pollution in deep-get-set High
CVE-2022-21231 was published for deep-get-set (npm) Jun 25, 2022
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload High
CVE-2020-7641 was published for grunt-util-property (npm) Jul 18, 2022
Uncontrolled Resource Consumption in fun-map High
CVE-2020-7644 was published for fun-map (npm) Dec 10, 2021
Prototype Pollution in cookiex/deep High
CVE-2021-23442 was published for @cookiex/deep (npm) Sep 20, 2021
Prototype Pollution in safetydance High
CVE-2020-7737 was published for safetydance (npm) Feb 10, 2022
Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify High
CVE-2019-10808 was published for utilitify (npm) May 7, 2021
Prototype Pollution in angular High
CVE-2019-10768 was published for angular (npm) Nov 20, 2019
Dynamic modification of RPyC service due to missing security check High
CVE-2019-16328 was published for rpyc (pip) Feb 17, 2021
comrumino
Prototype Pollution in bmoor High
CVE-2020-7736 was published for bmoor (npm) May 10, 2021
Prototype Pollution in x-assign High
CVE-2021-23452 was published for x-assign (npm) Oct 21, 2021
assign-deep Vulnerable to Prototype Pollution High
CVE-2019-10745 was published for assign-deep (npm) Aug 21, 2019
Prototype pollution in grpc and @grpc/grpc-js High
CVE-2020-7768 was published for @grpc/grpc-js (npm) May 10, 2021
Prototype pollution in chart.js High
CVE-2020-7746 was published for chart.js (npm) May 10, 2021
Remote Code Execution via Script (Python) objects under Python 3 High
CVE-2021-32811 was published for Zope (pip) Aug 5, 2021
body-parser-xml vulnerable to Prototype Pollution High
CVE-2021-3666 was published for body-parser-xml (npm) Sep 14, 2021
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
ProTip! Advisories are also available from the GraphQL API