GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
341 advisories
Filter by severity
matrix-react-sdk Prototype pollution vulnerability
High
CVE-2022-36060
was published
for
matrix-react-sdk
(npm)
Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability
High
CVE-2022-36059
was published
for
matrix-js-sdk
(npm)
Mar 28, 2023
dot-lens vulnerable to Prototype Pollution
High
CVE-2023-26106
was published
for
dot-lens
(npm)
Mar 6, 2023
mde utilities contains Prototype Pollution
High
CVE-2023-26105
was published
for
utilities
(npm)
Feb 28, 2023
rangy vulnerable to Prototype Pollution
High
CVE-2023-26102
was published
for
rangy
(npm)
Feb 24, 2023
Prototype Pollution in object-extend
Critical
CVE-2021-23702
was published
for
object-extend
(npm)
Feb 19, 2022
Prototype Pollution in litespeed.js and appwrite/server-ce
Critical
CVE-2021-23682
was published
for
appwrite/server-ce
(Composer)
Feb 17, 2022
Prototype Pollution in @strikeentco/set
High
CVE-2021-23497
was published
for
@strikeentco/set
(npm)
Feb 5, 2022
Prototype Pollution in putil-merge
High
CVE-2021-23470
was published
for
putil-merge
(npm)
Feb 5, 2022
Prototype Pollution in object-path-set
High
CVE-2021-23507
was published
for
object-path-set
(npm)
Feb 5, 2022
Prototype Pollution in realms-shim
Critical
CVE-2021-23594
was published
for
realms-shim
(npm)
Jan 12, 2022
Prototype Pollution in realms-shim
Critical
CVE-2021-23543
was published
for
realms-shim
(npm)
Jan 13, 2022
safe-eval vulnerable to Prototype Pollution
Critical
CVE-2022-25904
was published
for
safe-eval
(npm)
Dec 20, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
Critical
CVE-2022-37616
was published
for
@xmldom/xmldom
(npm)
Oct 11, 2022
•
withdrawn
tree-kit vulnerable to Prototype Pollution
High
CVE-2021-4278
was published
for
tree-kit
(npm)
Dec 25, 2022
Prototype Pollution in merge-deep2.
Moderate
CVE-2021-23700
was published
for
merge-deep2
(npm)
Dec 16, 2021
Prototype Pollution in @fabiocaccamo/utils.js
High
CVE-2021-3815
was published
for
@fabiocaccamo/utils.js
(npm)
Dec 10, 2021
ProTip!
Advisories are also available from the
GraphQL API