GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
142 advisories
Filter by severity
Prototype pollution in matrix-react-sdk
High
CVE-2023-28103
was published
for
matrix-react-sdk
(npm)
Mar 29, 2023
matrix-react-sdk Prototype pollution vulnerability
High
CVE-2022-36060
was published
for
matrix-react-sdk
(npm)
Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability
High
CVE-2022-36059
was published
for
matrix-js-sdk
(npm)
Mar 28, 2023
Collection.js vulnerable to Prototype Pollution
High
CVE-2023-26113
was published
for
collection.js
(npm)
Mar 18, 2023
dot-lens vulnerable to Prototype Pollution
High
CVE-2023-26106
was published
for
dot-lens
(npm)
Mar 6, 2023
mde utilities contains Prototype Pollution
High
CVE-2023-26105
was published
for
utilities
(npm)
Feb 28, 2023
rangy vulnerable to Prototype Pollution
High
CVE-2023-26102
was published
for
rangy
(npm)
Feb 24, 2023
Prototype Pollution in JSON5 via Parse Method
High
CVE-2022-46175
was published
for
json5
(npm)
Dec 29, 2022
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
High
CVE-2021-4279
was published
for
fast-json-patch
(npm)
Dec 25, 2022
tree-kit vulnerable to Prototype Pollution
High
CVE-2021-4278
was published
for
tree-kit
(npm)
Dec 25, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
High
CVE-2022-41879
was published
for
parse-server
(npm)
Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
High
CVE-2022-41878
was published
for
parse-server
(npm)
Nov 9, 2022
hoek subject to prototype pollution via the clone function.
High
CVE-2020-36604
was published
for
@hapi/hoek
(npm)
Sep 25, 2022
automattic/mongoose vulnerable to Prototype pollution via Schema.path
High
CVE-2022-2564
was published
for
mongoose
(npm)
Jul 29, 2022
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload
High
CVE-2020-7641
was published
for
grunt-util-property
(npm)
Jul 18, 2022
Prototype Pollution in deep-get-set
High
CVE-2022-21231
was published
for
deep-get-set
(npm)
Jun 25, 2022
Prototype Pollution in protobufjs
High
CVE-2022-25878
was published
for
protobufjs
(npm)
May 28, 2022
mootools-more vulnerable to prototype pollution
High
CVE-2021-20088
was published
for
mootools-more
(npm)
May 24, 2022
jquery-plugin-query-object contains prototype pollution vulnerability
High
CVE-2021-20083
was published
for
jquery-query-object
(npm)
May 24, 2022
Prototype pollution in @strikeentco/set
High
CVE-2020-28267
was published
for
@strikeentco/set
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API