Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

141 advisories

Loading
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload High
CVE-2020-7641 was published for grunt-util-property (npm) Jul 18, 2022
automattic/mongoose vulnerable to Prototype pollution via Schema.path High
CVE-2022-2564 was published for mongoose (npm) Jul 29, 2022
vovikhangcdv neeraj-vts
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers High
CVE-2022-41878 was published for parse-server (npm) Nov 9, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks High
CVE-2022-41879 was published for parse-server (npm) Nov 10, 2022
qs vulnerable to Prototype Pollution High
CVE-2022-24999 was published for qs (npm) Nov 27, 2022
dougwilson
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
tree-kit vulnerable to Prototype Pollution High
CVE-2021-4278 was published for tree-kit (npm) Dec 25, 2022
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability High
CVE-2021-4279 was published for fast-json-patch (npm) Dec 25, 2022
sharonbz
Prototype Pollution in JSON5 via Parse Method High
CVE-2022-46175 was published for json5 (npm) Dec 29, 2022
jdgregson karlhorky
jordanbtucker jakebailey ebroder kenkku gazben BGehrels mrgrain sigma-z viceice burdeasa sirenevenkii edwardlee-msft
rangy vulnerable to Prototype Pollution High
CVE-2023-26102 was published for rangy (npm) Feb 24, 2023
mde utilities contains Prototype Pollution High
CVE-2023-26105 was published for utilities (npm) Feb 28, 2023
phanect
dot-lens vulnerable to Prototype Pollution High
CVE-2023-26106 was published for dot-lens (npm) Mar 6, 2023
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
matrix-js-sdk Prototype Pollution vulnerability High
CVE-2022-36059 was published for matrix-js-sdk (npm) Mar 28, 2023
matrix-react-sdk Prototype pollution vulnerability High
CVE-2022-36060 was published for matrix-react-sdk (npm) Mar 28, 2023
Prototype pollution in matrix-react-sdk High
CVE-2023-28103 was published for matrix-react-sdk (npm) Mar 29, 2023
Prototype pollution in matrix-js-sdk (part 2) High
CVE-2023-28427 was published for matrix-js-sdk (npm) Mar 30, 2023
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
dottie vulnerable to Prototype Pollution High
CVE-2023-26132 was published for dottie (npm) Jun 10, 2023
progressbar.js vulnerable to Prototype Pollution High
CVE-2023-26133 was published for progressbar.js (npm) Jun 12, 2023
kimmobrunfeldt juburr
flatnest Prototype Pollution vulnerability High
CVE-2023-26135 was published for flatnest (npm) Jun 30, 2023
underscore-keypath vulnerable to Prototype Pollution High
CVE-2023-26139 was published for underscore-keypath (npm) Aug 1, 2023
Prototype Pollution in NASA Open MCT High
CVE-2023-45282 was published for openmct (npm) Oct 6, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
ProTip! Advisories are also available from the GraphQL API