GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
146 advisories
Filter by severity
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
High
CVE-2020-7679
was published
for
casperjs
(npm)
May 17, 2021
progressbar.js vulnerable to Prototype Pollution
High
CVE-2023-26133
was published
for
progressbar.js
(npm)
Jun 12, 2023
Prototype Pollution(PP) vulnerability in setByPath
High
CVE-2023-45827
was published
for
@clickbar/dot-diver
(npm)
Nov 3, 2023
Prototype Pollution in NASA Open MCT
High
CVE-2023-45282
was published
for
openmct
(npm)
Oct 6, 2023
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High
CVE-2023-45811
was published
for
deobfuscator
(npm)
Oct 18, 2023
Collection.js vulnerable to Prototype Pollution
High
CVE-2023-26113
was published
for
collection.js
(npm)
Mar 18, 2023
dot-prop Prototype Pollution vulnerability
High
CVE-2020-8116
was published
for
dot-prop
(npm)
Jul 29, 2020
dottie vulnerable to Prototype Pollution
High
CVE-2023-26132
was published
for
dottie
(npm)
Jun 10, 2023
Prototype Pollution in node-forge
High
CVE-2020-7720
was published
for
node-forge
(npm)
Sep 14, 2020
automattic/mongoose vulnerable to Prototype pollution via Schema.path
High
CVE-2022-2564
was published
for
mongoose
(npm)
Jul 29, 2022
Prototype Pollution in object-path
High
CVE-2021-3805
was published
for
object-path
(npm)
Sep 20, 2021
Prototype Pollution in protobufjs
High
CVE-2022-25878
was published
for
protobufjs
(npm)
May 28, 2022
Prototype Pollution in querystringify
High
GHSA-hxcm-v35h-mg2x
was published
for
querystringify
(npm)
Jun 7, 2019
underscore-keypath vulnerable to Prototype Pollution
High
CVE-2023-26139
was published
for
underscore-keypath
(npm)
Aug 1, 2023
sequelize-typescript Prototype Pollution vulnerability
High
CVE-2023-6293
was published
for
sequelize-typescript
(npm)
Nov 24, 2023
mockjs vulnerable to Prototype Pollution via the Util.extend function
High
CVE-2023-26158
was published
for
mockjs
(npm)
Dec 8, 2023
Phar object injection in PHPMailer
High
CVE-2018-19296
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
flatnest Prototype Pollution vulnerability
High
CVE-2023-26135
was published
for
flatnest
(npm)
Jun 30, 2023
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
ProTip!
Advisories are also available from the
GraphQL API