GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
336 advisories
Filter by severity
Possible prototype pollution in metadata record, when using meta decorator
Low
CVE-2023-30857
was published
for
@aedart/support
(npm)
May 1, 2023
Prototype Pollution in vConsole
Critical
CVE-2023-30363
was published
for
vconsole
(npm)
Apr 26, 2023
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Critical
CVE-2023-26122
was published
for
safe-eval
(npm)
Apr 11, 2023
safe-eval vulnerable to Prototype Pollution via the safeEval function
Critical
CVE-2023-26121
was published
for
safe-eval
(npm)
Apr 11, 2023
xml2js is vulnerable to prototype pollution
Moderate
CVE-2023-0842
was published
for
xml2js
(npm)
Apr 5, 2023
Prototype pollution in matrix-js-sdk (part 2)
High
CVE-2023-28427
was published
for
matrix-js-sdk
(npm)
Mar 30, 2023
Prototype pollution in matrix-react-sdk
High
CVE-2023-28103
was published
for
matrix-react-sdk
(npm)
Mar 29, 2023
matrix-react-sdk Prototype pollution vulnerability
High
CVE-2022-36060
was published
for
matrix-react-sdk
(npm)
Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability
High
CVE-2022-36059
was published
for
matrix-js-sdk
(npm)
Mar 28, 2023
Collection.js vulnerable to Prototype Pollution
High
CVE-2023-26113
was published
for
collection.js
(npm)
Mar 18, 2023
dot-lens vulnerable to Prototype Pollution
High
CVE-2023-26106
was published
for
dot-lens
(npm)
Mar 6, 2023
mde utilities contains Prototype Pollution
High
CVE-2023-26105
was published
for
utilities
(npm)
Feb 28, 2023
rangy vulnerable to Prototype Pollution
High
CVE-2023-26102
was published
for
rangy
(npm)
Feb 24, 2023
Baobab vulnerable to Prototype Pollution
Critical
CVE-2021-4307
was published
for
baobab
(npm)
Jan 7, 2023
Prototype Pollution in JSON5 via Parse Method
High
CVE-2022-46175
was published
for
json5
(npm)
Dec 29, 2022
json-pointer vulnerable to Prototype Pollution
Critical
CVE-2022-4742
was published
for
json-pointer
(npm)
Dec 26, 2022
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
High
CVE-2021-4279
was published
for
fast-json-patch
(npm)
Dec 25, 2022
flat vulnerable to Prototype Pollution
Critical
CVE-2020-36632
was published
for
flat
(npm)
Dec 25, 2022
tree-kit vulnerable to Prototype Pollution
High
CVE-2021-4278
was published
for
tree-kit
(npm)
Dec 25, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
safe-eval vulnerable to Prototype Pollution
Critical
CVE-2022-25904
was published
for
safe-eval
(npm)
Dec 20, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical
CVE-2020-36618
was published
for
whois
(npm)
Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution
Critical
CVE-2021-4245
was published
for
rfc6902
(npm)
Dec 15, 2022
ProTip!
Advisories are also available from the
GraphQL API