GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Prototype pollution in supermixer
High
CVE-2020-24939
was published
for
supermixer
(npm)
Dec 10, 2021
Prototype Pollution in deepmerge-ts
High
CVE-2022-24802
was published
for
deepmerge-ts
(npm)
Apr 1, 2022
Prototype Pollution in fullpage.js
High
CVE-2022-1295
was published
for
fullpage.js
(npm)
Apr 12, 2022
Prototype Pollution in madlib-object-utils
High
CVE-2022-24279
was published
for
madlib-object-utils
(npm)
Apr 16, 2022
Prototype pollution in @strikeentco/set
High
CVE-2020-28267
was published
for
@strikeentco/set
(npm)
May 24, 2022
Prototype Pollution in deep-get-set
High
CVE-2022-21231
was published
for
deep-get-set
(npm)
Jun 25, 2022
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload
High
CVE-2020-7641
was published
for
grunt-util-property
(npm)
Jul 18, 2022
Uncontrolled Resource Consumption in fun-map
High
CVE-2020-7644
was published
for
fun-map
(npm)
Dec 10, 2021
Prototype Pollution in cookiex/deep
High
CVE-2021-23442
was published
for
@cookiex/deep
(npm)
Sep 20, 2021
Prototype Pollution in safetydance
High
CVE-2020-7737
was published
for
safetydance
(npm)
Feb 10, 2022
Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify
High
CVE-2019-10808
was published
for
utilitify
(npm)
May 7, 2021
Dynamic modification of RPyC service due to missing security check
High
CVE-2019-16328
was published
for
rpyc
(pip)
Feb 17, 2021
assign-deep Vulnerable to Prototype Pollution
High
CVE-2019-10745
was published
for
assign-deep
(npm)
Aug 21, 2019
Prototype pollution in grpc and @grpc/grpc-js
High
CVE-2020-7768
was published
for
@grpc/grpc-js
(npm)
May 10, 2021
Remote Code Execution via Script (Python) objects under Python 3
High
CVE-2021-32811
was published
for
Zope
(pip)
Aug 5, 2021
body-parser-xml vulnerable to Prototype Pollution
High
CVE-2021-3666
was published
for
body-parser-xml
(npm)
Sep 14, 2021
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
ProTip!
Advisories are also available from the
GraphQL API