Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Prototype Pollution in hoek High
CVE-2018-3728 was published for hoek (npm) Apr 26, 2018
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs High
CVE-2020-7679 was published for casperjs (npm) May 17, 2021
Prototype pollution in total.js High
CVE-2020-28495 was published for total.js (npm) Feb 5, 2021
Prototype Pollution in set-value High
CVE-2021-23440 was published for set-value (npm) Sep 13, 2021
mroch
progressbar.js vulnerable to Prototype Pollution High
CVE-2023-26133 was published for progressbar.js (npm) Jun 12, 2023
kimmobrunfeldt juburr
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
Prototype Pollution(PP) vulnerability in setByPath High
CVE-2023-45827 was published for @clickbar/dot-diver (npm) Nov 3, 2023
d3ng03 GAP-dev
Prototype Pollution in NASA Open MCT High
CVE-2023-45282 was published for openmct (npm) Oct 6, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
dottie vulnerable to Prototype Pollution High
CVE-2023-26132 was published for dottie (npm) Jun 10, 2023
Prototype Pollution in node-forge High
CVE-2020-7720 was published for node-forge (npm) Sep 14, 2020
automattic/mongoose vulnerable to Prototype pollution via Schema.path High
CVE-2022-2564 was published for mongoose (npm) Jul 29, 2022
vovikhangcdv neeraj-vts
Prototype Pollution in object-path High
CVE-2021-3805 was published for object-path (npm) Sep 20, 2021
kurt-r2c
Prototype Pollution in protobufjs High
CVE-2022-25878 was published for protobufjs (npm) May 28, 2022
dotdash steinz
Prototype Pollution in querystringify High
GHSA-hxcm-v35h-mg2x was published for querystringify (npm) Jun 7, 2019
underscore-keypath vulnerable to Prototype Pollution High
CVE-2023-26139 was published for underscore-keypath (npm) Aug 1, 2023
Prototype Pollution in y18n High
CVE-2020-7774 was published for y18n (npm) Mar 29, 2021
sequelize-typescript Prototype Pollution vulnerability High
CVE-2023-6293 was published for sequelize-typescript (npm) Nov 24, 2023
mockjs vulnerable to Prototype Pollution via the Util.extend function High
CVE-2023-26158 was published for mockjs (npm) Dec 8, 2023
Phar object injection in PHPMailer High
CVE-2018-19296 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (npm) Jul 15, 2020
mitchell-codecov jkmartindale
bengry greengeko tompazourek
flatnest Prototype Pollution vulnerability High
CVE-2023-26135 was published for flatnest (npm) Jun 30, 2023
Class destructors causing side-effects when being unserialized in TYPO3 CMS High
CVE-2020-11066 was published for typo3/cms (Composer) May 13, 2020
ohader
ProTip! Advisories are also available from the GraphQL API