GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
128 advisories
Filter by severity
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Critical
CVE-2023-26122
was published
for
safe-eval
(npm)
Apr 11, 2023
mockery is vulnerable to prototype pollution
Critical
CVE-2022-37614
was published
for
mockery
(npm)
Oct 12, 2022
Remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2022-39396
was published
for
parse-server
(npm)
Nov 8, 2022
Prototype Pollution in gammautils
Critical
CVE-2020-7718
was published
for
gammautils
(npm)
May 6, 2021
Prototype Pollution in just-extend
Critical
CVE-2018-16489
was published
for
just-extend
(npm)
Feb 7, 2019
objection.js Prototype Pollution vulnerability
Critical
CVE-2021-3766
was published
for
objection
(npm)
Sep 7, 2021
Prototype pollution in getobject
Critical
CVE-2020-28282
was published
for
getobject
(npm)
Oct 12, 2021
Prototype Pollution in irrelon-path and @irrelon/path
Critical
CVE-2020-7708
was published
for
@irrelon/path
(npm)
May 6, 2021
set-getter Prototype Pollution Vulnerability
Critical
CVE-2021-25949
was published
for
set-getter
(npm)
Jun 21, 2021
Prototype pollution in webpack loader-utils
Critical
CVE-2022-37601
was published
for
loader-utils
(npm)
Oct 13, 2022
Prototype Pollution in ali-security/mongoose
Critical
GHSA-rc4v-99cr-pjcm
was published
for
@seal-security/mongoose-fixed
(npm)
Oct 17, 2023
keyget vulnerable to prototype pollution
Critical
CVE-2020-28272
was published
for
keyget
(npm)
May 24, 2022
Changeset vulnerable to prototype pollution
Critical
CVE-2021-25915
was published
for
changeset
(npm)
May 24, 2022
Grunt-karma vulnerable to prototype pollution
Critical
CVE-2022-37602
was published
for
grunt-karma
(npm)
Oct 14, 2022
Baobab vulnerable to Prototype Pollution
Critical
CVE-2021-4307
was published
for
baobab
(npm)
Jan 7, 2023
Prototype Pollution leading to Remote Code Execution in superjson
Critical
CVE-2022-23631
was published
for
blitz
(npm)
Feb 9, 2022
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2023-36475
was published
for
parse-server
(npm)
Jun 30, 2023
tree-kit Prototype Pollution vulnerability
Critical
CVE-2023-38894
was published
for
tree-kit
(npm)
Aug 17, 2023
MrSwitch hello.js vulnerable to prototype pollution
Critical
CVE-2021-26505
was published
for
hellojs
(npm)
Aug 11, 2023
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
json-schema is vulnerable to Prototype Pollution
Critical
CVE-2021-3918
was published
for
json-schema
(npm)
Nov 19, 2021
ProTip!
Advisories are also available from the
GraphQL API