GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
Prototype Pollution in think-helper
High
CVE-2021-32736
was published
for
think-helper
(npm)
Jul 1, 2021
Prototype Pollution in jquery-bbq
High
CVE-2021-20086
was published
for
jquery-bbq
(npm)
May 24, 2021
Prototype Pollution in jquery-deparam
High
CVE-2021-20087
was published
for
jquery-deparam
(npm)
May 24, 2021
Prototype Pollution in deep-get-set
High
CVE-2020-7715
was published
for
deep-get-set
(npm)
May 6, 2021
Prototype pollution in controlled-merge
High
CVE-2020-28268
was published
for
controlled-merge
(npm)
May 18, 2021
Prototype Pollution in simpl-schema
High
CVE-2020-7742
was published
for
simpl-schema
(npm)
May 10, 2021
Prototype pollution in json8-merge-patch
High
CVE-2020-8268
was published
for
json8-merge-patch
(npm)
May 10, 2021
Prototype Pollution in copy-props
High
CVE-2020-28503
was published
for
copy-props
(npm)
Jan 6, 2022
Prototype Pollution in Node-Red
High
CVE-2021-21297
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
Prototype Pollution in jsgui-lang-essentials
High
CVE-2022-25301
was published
for
jsgui-lang-essentials
(npm)
May 3, 2022
Prototype Pollution in cached-path-relative
High
CVE-2021-23518
was published
for
cached-path-relative
(npm)
Jan 27, 2022
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
High
CVE-2020-28472
was published
for
@aws-sdk/shared-ini-file-loader
(npm)
Nov 16, 2021
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
body-parser-xml vulnerable to Prototype Pollution
High
CVE-2021-3666
was published
for
body-parser-xml
(npm)
Sep 14, 2021
Prototype pollution in grpc and @grpc/grpc-js
High
CVE-2020-7768
was published
for
@grpc/grpc-js
(npm)
May 10, 2021
assign-deep Vulnerable to Prototype Pollution
High
CVE-2019-10745
was published
for
assign-deep
(npm)
Aug 21, 2019
ProTip!
Advisories are also available from the
GraphQL API