Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

130 advisories

Loading
Prototype Pollution in simple-plist Critical
CVE-2022-26260 was published for simple-plist (npm) Mar 23, 2022
radiotech TuurDutoit
Prototype Pollution in set-value Critical
CVE-2019-10747 was published for set-value (npm) Aug 27, 2019
Prototype pollution in Plist before 3.0.5 can cause denial of service Critical
CVE-2022-22912 was published for plist (npm) Feb 18, 2022
mario-canva
Mongoose Prototype Pollution vulnerability Critical
CVE-2023-3696 was published for mongoose (npm) Jul 17, 2023
Prototype pollution in Merge-deep Critical
CVE-2021-26707 was published for merge-deep (npm) Jun 7, 2021
json-schema is vulnerable to Prototype Pollution Critical
CVE-2021-3918 was published for json-schema (npm) Nov 19, 2021
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
MrSwitch hello.js vulnerable to prototype pollution Critical
CVE-2021-26505 was published for hellojs (npm) Aug 11, 2023
tree-kit Prototype Pollution vulnerability Critical
CVE-2023-38894 was published for tree-kit (npm) Aug 17, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
Baobab vulnerable to Prototype Pollution Critical
CVE-2021-4307 was published for baobab (npm) Jan 7, 2023
Grunt-karma vulnerable to prototype pollution Critical
CVE-2022-37602 was published for grunt-karma (npm) Oct 14, 2022
Changeset vulnerable to prototype pollution Critical
CVE-2021-25915 was published for changeset (npm) May 24, 2022
keyget vulnerable to prototype pollution Critical
CVE-2020-28272 was published for keyget (npm) May 24, 2022
Prototype Pollution in ali-security/mongoose Critical
GHSA-rc4v-99cr-pjcm was published for @seal-security/mongoose-fixed (npm) Oct 17, 2023
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
set-getter Prototype Pollution Vulnerability Critical
CVE-2021-25949 was published for set-getter (npm) Jun 21, 2021
Prototype Pollution in field Critical
CVE-2020-28269 was published for field (npm) Dec 10, 2021
Prototype Pollution in deephas Critical
CVE-2020-28271 was published for deephas (npm) Sep 24, 2021
Prototype Pollution in irrelon-path and @irrelon/path Critical
CVE-2020-7708 was published for @irrelon/path (npm) May 6, 2021
Prototype pollution in getobject Critical
CVE-2020-28282 was published for getobject (npm) Oct 12, 2021
objection.js Prototype Pollution vulnerability Critical
CVE-2021-3766 was published for objection (npm) Sep 7, 2021
Prototype Pollution in just-extend Critical
CVE-2018-16489 was published for just-extend (npm) Feb 7, 2019
Prototype Pollution in gammautils Critical
CVE-2020-7718 was published for gammautils (npm) May 6, 2021
ProTip! Advisories are also available from the GraphQL API