Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Prototype pollution in getobject Critical
CVE-2020-28282 was published for getobject (npm) Oct 12, 2021
Prototype pollution in object-hierarchy-access Critical
CVE-2020-28270 was published for object-hierarchy-access (npm) Oct 12, 2021
Prototype pollution vulnerability in 'patchmerge' Critical
CVE-2021-25916 was published for patchmerge (npm) Oct 13, 2021
Prototype Pollution in vm2 Critical
CVE-2021-23449 was published for vm2 (npm) Oct 19, 2021
json-schema is vulnerable to Prototype Pollution Critical
CVE-2021-3918 was published for json-schema (npm) Nov 19, 2021
Prototype Pollution in algoliasearch-helper Critical
CVE-2021-23433 was published for algoliasearch-helper (npm) Nov 23, 2021
Prototype Pollution in field Critical
CVE-2020-28269 was published for field (npm) Dec 10, 2021
Prototype Pollution in putil-merge Critical
CVE-2021-25953 was published for putil-merge (npm) Dec 10, 2021
Prototype polluation in just-safe-set Critical
CVE-2021-25952 was published for just-safe-set (npm) Dec 10, 2021
Prototype Pollution in js-data Critical
CVE-2021-23574 was published for js-data (npm) Jan 6, 2022
Prototype Pollution in realms-shim Critical
CVE-2021-23594 was published for realms-shim (npm) Jan 12, 2022
Prototype Pollution in realms-shim Critical
CVE-2021-23543 was published for realms-shim (npm) Jan 13, 2022
Prototype Pollution leading to Remote Code Execution in superjson Critical
CVE-2022-23631 was published for blitz (npm) Feb 9, 2022
paul-gerste-sonarsource
Prototype Pollution in js-data Critical
CVE-2020-28442 was published for js-data (npm) Feb 9, 2022
Prototype Pollution in handlebars Critical
CVE-2021-23383 was published for handlebars (npm) Feb 10, 2022
Prototype Pollution in mixme Critical
CVE-2021-28860 was published for mixme (npm) Feb 10, 2022
Sandbox bypass in vm2 Critical
CVE-2021-23555 was published for vm2 (npm) Feb 12, 2022
Prototype Pollution in litespeed.js and appwrite/server-ce Critical
CVE-2021-23682 was published for appwrite/server-ce (Composer) Feb 17, 2022
Prototype pollution in Plist before 3.0.5 can cause denial of service Critical
CVE-2022-22912 was published for plist (npm) Feb 18, 2022
mario-canva
Prototype Pollution in object-extend Critical
CVE-2021-23702 was published for object-extend (npm) Feb 19, 2022
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
Prototype Pollution in minimist Critical
CVE-2021-44906 was published for minimist (npm) Mar 18, 2022
alopix ljharb
Prototype Pollution in Sails.js Critical
CVE-2021-44908 was published for sails (npm) Mar 18, 2022
Prototype Pollution in set-in Critical
CVE-2022-25354 was published for set-in (npm) Mar 18, 2022
Prototype Pollution in libnested Critical
CVE-2022-25352 was published for libnested (npm) Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API