Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
Prototype Pollution in Sails.js Critical
CVE-2021-44908 was published for sails (npm) Mar 18, 2022
Prototype Pollution in set-in Critical
CVE-2022-25354 was published for set-in (npm) Mar 18, 2022
Prototype Pollution in libnested Critical
CVE-2022-25352 was published for libnested (npm) Mar 18, 2022
Prototype Pollution in simple-plist Critical
CVE-2022-26260 was published for simple-plist (npm) Mar 23, 2022
radiotech TuurDutoit
Prototype Pollution in convict Critical
CVE-2022-21190 was published for convict (npm) May 14, 2022
linux-cmdline is vulnerable to Prototype Pollution via the constructor Critical
CVE-2020-7704 was published for linux-cmdline (npm) May 24, 2022
keyget vulnerable to prototype pollution Critical
CVE-2020-28272 was published for keyget (npm) May 24, 2022
flattenizer vulnerable to prototype pollution Critical
CVE-2020-28279 was published for flattenizer (npm) May 24, 2022
Prototype pollution vulnerability in 'deep-set' Critical
CVE-2020-28276 was published for deep-set (npm) May 24, 2022
shvl vulnerable to prototype pollution Critical
CVE-2020-28278 was published for shvl (npm) May 24, 2022
dset vulnerable to prototype pollution Critical
CVE-2020-28277 was published for dset (npm) May 24, 2022
Changeset vulnerable to prototype pollution Critical
CVE-2021-25915 was published for changeset (npm) May 24, 2022
deep-defaults vulnerable to prototype pollution Critical
CVE-2021-25944 was published for deep-defaults (npm) May 24, 2022
Prototype Pollution in deep.assign Critical
CVE-2021-40663 was published for deep.assign (npm) Jul 1, 2022
Properties-Reader before v2.2.0 vulnerable to prototype pollution Critical
CVE-2020-28471 was published for properties-reader (npm) Jul 19, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` Critical
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022
set-deep-prop Prototype Pollution Critical
CVE-2021-23373 was published for set-deep-prop (npm) Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse` Critical
CVE-2020-28461 was published for js-ini (npm) Jul 26, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 Critical
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution Critical
CVE-2022-25907 was published for ts-deepmerge (npm) Aug 10, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object Critical
CVE-2022-24304 was published for mongoose (npm) Aug 27, 2022
steal vulnerable to Prototype Pollution via optionName variable Critical
CVE-2022-37264 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js Critical
CVE-2022-37266 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable Critical
CVE-2022-37257 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution Critical
CVE-2022-37258 was published for steal (npm) Sep 17, 2022
ProTip! Advisories are also available from the GraphQL API