Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

141 advisories

Loading
Prototype Pollution in y18n High
CVE-2020-7774 was published for y18n (npm) Mar 29, 2021
underscore-keypath vulnerable to Prototype Pollution High
CVE-2023-26139 was published for underscore-keypath (npm) Aug 1, 2023
Prototype Pollution in querystringify High
GHSA-hxcm-v35h-mg2x was published for querystringify (npm) Jun 7, 2019
Prototype Pollution in protobufjs High
CVE-2022-25878 was published for protobufjs (npm) May 28, 2022
dotdash steinz
Prototype Pollution in object-path High
CVE-2021-3805 was published for object-path (npm) Sep 20, 2021
kurt-r2c
automattic/mongoose vulnerable to Prototype pollution via Schema.path High
CVE-2022-2564 was published for mongoose (npm) Jul 29, 2022
vovikhangcdv neeraj-vts
Prototype Pollution in node-forge High
CVE-2020-7720 was published for node-forge (npm) Sep 14, 2020
dottie vulnerable to Prototype Pollution High
CVE-2023-26132 was published for dottie (npm) Jun 10, 2023
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
Prototype Pollution in NASA Open MCT High
CVE-2023-45282 was published for openmct (npm) Oct 6, 2023
Prototype Pollution(PP) vulnerability in setByPath High
CVE-2023-45827 was published for @clickbar/dot-diver (npm) Nov 3, 2023
d3ng03 GAP-dev
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
progressbar.js vulnerable to Prototype Pollution High
CVE-2023-26133 was published for progressbar.js (npm) Jun 12, 2023
kimmobrunfeldt juburr
Prototype Pollution in set-value High
CVE-2021-23440 was published for set-value (npm) Sep 13, 2021
mroch
Prototype pollution in total.js High
CVE-2020-28495 was published for total.js (npm) Feb 5, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs High
CVE-2020-7679 was published for casperjs (npm) May 17, 2021
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
Prototype Pollution in record-like-deep-assign High
CVE-2021-23402 was published for record-like-deep-assign (npm) Dec 10, 2021
Prototype Pollution in assign-deep High
CVE-2018-3720 was published for assign-deep (npm) Jul 26, 2018
Prototype Pollution in merge High
CVE-2018-16469 was published for merge (npm) Nov 1, 2018
Prototype Pollution in mpath High
CVE-2018-16490 was published for mpath (npm) Feb 7, 2019
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
Arbitrary Code Execution in json-ptr High
CVE-2020-7766 was published for json-ptr (npm) May 10, 2021
tdunlap607
ProTip! Advisories are also available from the GraphQL API