Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
steal vulnerable to Prototype Pollution Critical
CVE-2022-37258 was published for steal (npm) Sep 17, 2022
steal vulnerable to Prototype Pollution via alias variable Critical
CVE-2022-37265 was published for steal (npm) Sep 21, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom Critical
CVE-2022-37616 was published for @xmldom/xmldom (npm) Oct 11, 2022 withdrawn
secdevlpr26 bchew
tzimmermann mrtc0 karfau
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37617 was published for browserify-shim (npm) Oct 12, 2022
tschaub gh-pages vulnerable to prototype pollution Critical
CVE-2022-37611 was published for gh-pages (npm) Oct 12, 2022
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in... Critical Unreviewed
CVE-2022-37609 was published Oct 12, 2022
mockery is vulnerable to prototype pollution Critical
CVE-2022-37614 was published for mockery (npm) Oct 12, 2022
akaustav
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
Grunt-karma vulnerable to prototype pollution Critical
CVE-2022-37602 was published for grunt-karma (npm) Oct 14, 2022
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the... Critical Unreviewed
CVE-2022-37598 was published Oct 20, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37621 was published for browserify-shim (npm) Oct 29, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37623 was published for browserify-shim (npm) Oct 31, 2022
Remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2022-39396 was published for parse-server (npm) Nov 8, 2022
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
safe-eval vulnerable to Prototype Pollution Critical
CVE-2022-25904 was published for safe-eval (npm) Dec 20, 2022
flat vulnerable to Prototype Pollution Critical
CVE-2020-36632 was published for flat (npm) Dec 25, 2022
json-pointer vulnerable to Prototype Pollution Critical
CVE-2022-4742 was published for json-pointer (npm) Dec 26, 2022
Baobab vulnerable to Prototype Pollution Critical
CVE-2021-4307 was published for baobab (npm) Jan 7, 2023
safe-eval vulnerable to Prototype Pollution via the safeEval function Critical
CVE-2023-26121 was published for safe-eval (npm) Apr 11, 2023
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization Critical
CVE-2023-26122 was published for safe-eval (npm) Apr 11, 2023
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
protobufjs Prototype Pollution vulnerability Critical
CVE-2023-36665 was published for protobufjs (npm) Jul 5, 2023
fhoeben stephengroat
ProTip! Advisories are also available from the GraphQL API