Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

141 advisories

Loading
Prototype pollution in controlled-merge High
CVE-2020-28268 was published for controlled-merge (npm) May 18, 2021
Prototype Pollution in jquery-bbq High
CVE-2021-20086 was published for jquery-bbq (npm) May 24, 2021
Prototype Pollution in jquery-deparam High
CVE-2021-20087 was published for jquery-deparam (npm) May 24, 2021
Prototype Pollution in nedb High
CVE-2021-23395 was published for nedb (npm) Jun 21, 2021
Prototype Pollution in think-helper High
CVE-2021-32736 was published for think-helper (npm) Jul 1, 2021
yoshino-s
Improperly Controlled Modification of Object Prototype Attributes High
GHSA-6cj2-92m5-7mvp was published for think-config (npm) Aug 3, 2021
yoshino-s
Prototype Pollution in Proto High
CVE-2021-23426 was published for Proto (npm) Sep 2, 2021
Prototype Pollution in immer High
CVE-2021-3757 was published for immer (npm) Sep 7, 2021
levpachmanov
Prototype Pollution in set-value High
CVE-2021-23440 was published for set-value (npm) Sep 13, 2021
mroch
body-parser-xml vulnerable to Prototype Pollution High
CVE-2021-3666 was published for body-parser-xml (npm) Sep 14, 2021
Prototype Pollution in mixme High
GHSA-84p7-fh9c-6g8h was published for mixme (npm) Sep 20, 2021
Prototype Pollution in cookiex/deep High
CVE-2021-23442 was published for @cookiex/deep (npm) Sep 20, 2021
Prototype Pollution in object-path High
CVE-2021-3805 was published for object-path (npm) Sep 20, 2021
kurt-r2c
Prototype Pollution in x-assign High
CVE-2021-23452 was published for x-assign (npm) Oct 21, 2021
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader High
CVE-2020-28472 was published for @aws-sdk/shared-ini-file-loader (npm) Nov 16, 2021
kurt-r2c
Prototype Pollution in ts-nodash High
CVE-2021-23403 was published for ts-nodash (npm) Dec 10, 2021
Prototype Pollution in record-like-deep-assign High
CVE-2021-23402 was published for record-like-deep-assign (npm) Dec 10, 2021
Prototype pollution in supermixer High
CVE-2020-24939 was published for supermixer (npm) Dec 10, 2021
Uncontrolled Resource Consumption in fun-map High
CVE-2020-7644 was published for fun-map (npm) Dec 10, 2021
Prototype Pollution in @fabiocaccamo/utils.js High
CVE-2021-3815 was published for @fabiocaccamo/utils.js (npm) Dec 10, 2021
Prototype Pollution in dojo High
CVE-2021-23450 was published for dojo (npm) Jan 5, 2022
Prototype Pollution in copy-props High
CVE-2020-28503 was published for copy-props (npm) Jan 6, 2022
Prototype Pollution in extend2 High
CVE-2021-23568 was published for extend2 (npm) Jan 12, 2022
Prototype Pollution in min-dash High
CVE-2021-23460 was published for min-dash (npm) Jan 27, 2022
Prototype Pollution in cached-path-relative High
CVE-2021-23518 was published for cached-path-relative (npm) Jan 27, 2022
ProTip! Advisories are also available from the GraphQL API