Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

338 advisories

Loading
web3-utils Prototype Pollution vulnerability High
CVE-2024-21505 was published for web3-utils (npm) Mar 27, 2024
Duplicate Advisory: web3-utils Prototype Pollution vulnerability High
GHSA-87qp-7cw8-8q9c was published for web3-utils (npm) Mar 25, 2024 withdrawn
xml2js is vulnerable to prototype pollution Moderate
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
brokenedtzjs OIRNOIR
simonkrol Harrington-Joe_pfghub G-Rath
JSONata expression can pollute the "Object" prototype Critical
CVE-2024-27307 was published for jsonata (npm) Mar 4, 2024
AlbertSPedersen
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability High
CVE-2021-4279 was published for fast-json-patch (npm) Dec 25, 2022
sharonbz
Prototype Pollution in JSON5 via Parse Method High
CVE-2022-46175 was published for json5 (npm) Dec 29, 2022
jdgregson karlhorky
jordanbtucker jakebailey ebroder kenkku gazben BGehrels mrgrain sigma-z viceice burdeasa sirenevenkii edwardlee-msft
qs vulnerable to Prototype Pollution High
CVE-2022-24999 was published for qs (npm) Nov 27, 2022
dougwilson
Prototype Pollution in minimist Moderate
CVE-2020-7598 was published for minimist (npm) Apr 3, 2020
ayatweb
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
flatnest Prototype Pollution vulnerability High
CVE-2023-26135 was published for flatnest (npm) Jun 30, 2023
dset vulnerable to prototype pollution Critical
CVE-2020-28277 was published for dset (npm) May 24, 2022
shvl vulnerable to prototype pollution Critical
CVE-2020-28278 was published for shvl (npm) May 24, 2022
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (npm) Jul 15, 2020
mitchell-codecov jkmartindale
bengry greengeko tompazourek
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Prototype pollution not blocked by object-path related utilities in hoolock Moderate
CVE-2024-23339 was published for hoolock (npm) Jan 23, 2024
d3ng03
Prototype Pollution in handlebars Critical
CVE-2021-23383 was published for handlebars (npm) Feb 10, 2022
plotly.js prototype pollution vulnerability Critical
CVE-2023-46308 was published for plotly.js (Composer) Jan 3, 2024
mockjs vulnerable to Prototype Pollution via the Util.extend function High
CVE-2023-26158 was published for mockjs (npm) Dec 8, 2023
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name Moderate
CVE-2023-26920 was published for fast-xml-parser (npm) Jun 13, 2023
Sudistark
sequelize-typescript Prototype Pollution vulnerability High
CVE-2023-6293 was published for sequelize-typescript (npm) Nov 24, 2023
Prototype Pollution in y18n High
CVE-2020-7774 was published for y18n (npm) Mar 29, 2021
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
underscore-keypath vulnerable to Prototype Pollution High
CVE-2023-26139 was published for underscore-keypath (npm) Aug 1, 2023
Prototype Pollution in simple-plist Critical
CVE-2022-26260 was published for simple-plist (npm) Mar 23, 2022
radiotech TuurDutoit
Prototype Pollution in set-value Critical
CVE-2019-10747 was published for set-value (npm) Aug 27, 2019
ProTip! Advisories are also available from the GraphQL API