Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37617 was published for browserify-shim (npm) Oct 12, 2022
mockery is vulnerable to prototype pollution Critical
CVE-2022-37614 was published for mockery (npm) Oct 12, 2022
akaustav
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
Grunt-karma vulnerable to prototype pollution Critical
CVE-2022-37602 was published for grunt-karma (npm) Oct 14, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37621 was published for browserify-shim (npm) Oct 29, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37623 was published for browserify-shim (npm) Oct 31, 2022
Remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2022-39396 was published for parse-server (npm) Nov 8, 2022
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
safe-eval vulnerable to Prototype Pollution Critical
CVE-2022-25904 was published for safe-eval (npm) Dec 20, 2022
flat vulnerable to Prototype Pollution Critical
CVE-2020-36632 was published for flat (npm) Dec 25, 2022
json-pointer vulnerable to Prototype Pollution Critical
CVE-2022-4742 was published for json-pointer (npm) Dec 26, 2022
Baobab vulnerable to Prototype Pollution Critical
CVE-2021-4307 was published for baobab (npm) Jan 7, 2023
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization Critical
CVE-2023-26122 was published for safe-eval (npm) Apr 11, 2023
safe-eval vulnerable to Prototype Pollution via the safeEval function Critical
CVE-2023-26121 was published for safe-eval (npm) Apr 11, 2023
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
protobufjs Prototype Pollution vulnerability Critical
CVE-2023-36665 was published for protobufjs (npm) Jul 5, 2023
fhoeben stephengroat
Mongoose Prototype Pollution vulnerability Critical
CVE-2023-3696 was published for mongoose (npm) Jul 17, 2023
MrSwitch hello.js vulnerable to prototype pollution Critical
CVE-2021-26505 was published for hellojs (npm) Aug 11, 2023
tree-kit Prototype Pollution vulnerability Critical
CVE-2023-38894 was published for tree-kit (npm) Aug 17, 2023
Prototype Pollution in ali-security/mongoose Critical
GHSA-rc4v-99cr-pjcm was published for @seal-security/mongoose-fixed (npm) Oct 17, 2023
plotly.js prototype pollution vulnerability Critical
CVE-2023-46308 was published for plotly.js (Composer) Jan 3, 2024
JSONata expression can pollute the "Object" prototype Critical
CVE-2024-27307 was published for jsonata (npm) Mar 4, 2024
AlbertSPedersen
ProTip! Advisories are also available from the GraphQL API