GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
336 advisories
Filter by severity
mysql2 vulnerable to Prototype Poisoning
Moderate
CVE-2024-21509
was published
for
mysql2
(npm)
Apr 10, 2024
web3-utils Prototype Pollution vulnerability
High
CVE-2024-21505
was published
for
web3-utils
(npm)
Mar 27, 2024
@thi.ng/paths Prototype Pollution vulnerability
High
CVE-2024-29650
was published
for
@thi.ng/paths
(npm)
Mar 25, 2024
Duplicate Advisory: web3-utils Prototype Pollution vulnerability
High
GHSA-87qp-7cw8-8q9c
was published
for
web3-utils
(npm)
Mar 25, 2024
•
withdrawn
JSONata expression can pollute the "Object" prototype
Critical
CVE-2024-27307
was published
for
jsonata
(npm)
Mar 4, 2024
Prototype pollution not blocked by object-path related utilities in hoolock
Moderate
CVE-2024-23339
was published
for
hoolock
(npm)
Jan 23, 2024
plotly.js prototype pollution vulnerability
Critical
CVE-2023-46308
was published
for
plotly.js
(Composer)
Jan 3, 2024
mockjs vulnerable to Prototype Pollution via the Util.extend function
High
CVE-2023-26158
was published
for
mockjs
(npm)
Dec 8, 2023
sequelize-typescript Prototype Pollution vulnerability
High
CVE-2023-6293
was published
for
sequelize-typescript
(npm)
Nov 24, 2023
Prototype Pollution(PP) vulnerability in setByPath
High
CVE-2023-45827
was published
for
@clickbar/dot-diver
(npm)
Nov 3, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High
CVE-2023-45811
was published
for
deobfuscator
(npm)
Oct 18, 2023
Prototype Pollution in ali-security/mongoose
Critical
GHSA-rc4v-99cr-pjcm
was published
for
@seal-security/mongoose-fixed
(npm)
Oct 17, 2023
Prototype Pollution in NASA Open MCT
High
CVE-2023-45282
was published
for
openmct
(npm)
Oct 6, 2023
tree-kit Prototype Pollution vulnerability
Critical
CVE-2023-38894
was published
for
tree-kit
(npm)
Aug 17, 2023
MrSwitch hello.js vulnerable to prototype pollution
Critical
CVE-2021-26505
was published
for
hellojs
(npm)
Aug 11, 2023
underscore-keypath vulnerable to Prototype Pollution
High
CVE-2023-26139
was published
for
underscore-keypath
(npm)
Aug 1, 2023
Mongoose Prototype Pollution vulnerability
Critical
CVE-2023-3696
was published
for
mongoose
(npm)
Jul 17, 2023
protobufjs Prototype Pollution vulnerability
Critical
CVE-2023-36665
was published
for
protobufjs
(npm)
Jul 5, 2023
tough-cookie Prototype Pollution vulnerability
Moderate
CVE-2023-26136
was published
for
tough-cookie
(npm)
Jul 1, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2023-36475
was published
for
parse-server
(npm)
Jun 30, 2023
flatnest Prototype Pollution vulnerability
High
CVE-2023-26135
was published
for
flatnest
(npm)
Jun 30, 2023
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Moderate
CVE-2023-26920
was published
for
fast-xml-parser
(npm)
Jun 13, 2023
progressbar.js vulnerable to Prototype Pollution
High
CVE-2023-26133
was published
for
progressbar.js
(npm)
Jun 12, 2023
dottie vulnerable to Prototype Pollution
High
CVE-2023-26132
was published
for
dottie
(npm)
Jun 10, 2023
antfu/utils vulnerable to prototype pollution
Moderate
CVE-2023-2972
was published
for
@antfu/utils
(npm)
May 30, 2023
ProTip!
Advisories are also available from the
GraphQL API