Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Prototype Pollution in algoliasearch-helper Critical
CVE-2021-23433 was published for algoliasearch-helper (npm) Nov 23, 2021
json-schema is vulnerable to Prototype Pollution Critical
CVE-2021-3918 was published for json-schema (npm) Nov 19, 2021
Prototype Pollution in vm2 Critical
CVE-2021-23449 was published for vm2 (npm) Oct 19, 2021
Prototype pollution vulnerability in 'patchmerge' Critical
CVE-2021-25916 was published for patchmerge (npm) Oct 13, 2021
Prototype pollution in object-hierarchy-access Critical
CVE-2020-28270 was published for object-hierarchy-access (npm) Oct 12, 2021
Prototype pollution in getobject Critical
CVE-2020-28282 was published for getobject (npm) Oct 12, 2021
Prototype pollution in aurelia-path Critical
CVE-2021-41097 was published for aurelia-path (npm) Sep 27, 2021
msrkp
Prototype Pollution in deephas Critical
CVE-2020-28271 was published for deephas (npm) Sep 24, 2021
merge vulnerable to Prototype Pollution Critical
CVE-2021-3645 was published for @viking04/merge (npm) Sep 13, 2021
objection.js Prototype Pollution vulnerability Critical
CVE-2021-3766 was published for objection (npm) Sep 7, 2021
Prototype Pollution in immer Critical
CVE-2021-23436 was published for immer (npm) Sep 2, 2021
levpachmanov
Prototype pollution in safe-flat Critical
CVE-2021-25927 was published for safe-flat (npm) Jun 21, 2021
Prototype pollution in safe-obj Critical
CVE-2021-25928 was published for safe-obj (npm) Jun 21, 2021
set-getter Prototype Pollution Vulnerability Critical
CVE-2021-25949 was published for set-getter (npm) Jun 21, 2021
Prototype Pollution Critical
CVE-2021-25948 was published for expand-hash (npm) Jun 21, 2021
Prototype pollution vulnerability in js-extend Critical
CVE-2021-25945 was published for js-extend (npm) Jun 8, 2021
Prototype pollution in nconf-toml Critical
CVE-2021-25946 was published for nconf-toml (npm) Jun 7, 2021
Prototype pollution in Merge-deep Critical
CVE-2021-26707 was published for merge-deep (npm) Jun 7, 2021
Prototype pollution in nestie Critical
CVE-2021-25947 was published for nestie (npm) Jun 7, 2021
Prototype pollution in 101 Critical
CVE-2021-25943 was published for 101 (npm) May 17, 2021
Prototype Pollution in deep-override Critical
CVE-2021-25941 was published for deep-override (npm) May 17, 2021
Autobinding vulnerability in MITREid Connect Critical
CVE-2021-27582 was published for org.mitre:openid-connect-parent (Maven) May 13, 2021
Prototype Pollution in doc-path Critical
CVE-2020-7772 was published for doc-path (npm) May 10, 2021
Prototype pollution in json8 Critical
CVE-2020-7770 was published for json8 (npm) May 10, 2021
Prototype Pollution in tiny-conf Critical
CVE-2020-7724 was published for tiny-conf (npm) May 10, 2021
ProTip! Advisories are also available from the GraphQL API