GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
338 advisories
Filter by severity
Prototype Pollution in confucious
Critical
CVE-2020-7714
was published
for
confucious
(npm)
May 6, 2021
Prototype Pollution in tiny-conf
Critical
CVE-2020-7724
was published
for
tiny-conf
(npm)
May 10, 2021
Prototype Pollution in simpl-schema
High
CVE-2020-7742
was published
for
simpl-schema
(npm)
May 10, 2021
Prototype Pollution in node-oojs
Critical
CVE-2020-7721
was published
for
node-oojs
(npm)
May 6, 2021
Prototype Pollution in promisehelpers
Critical
CVE-2020-7723
was published
for
promisehelpers
(npm)
May 6, 2021
Prototype Pollution in dot-notes
Critical
CVE-2020-7717
was published
for
dot-notes
(npm)
May 6, 2021
Prototype Pollution in set-or-get
Critical
CVE-2021-25913
was published
for
set-or-get
(npm)
Apr 12, 2021
Prototype Pollution in doc-path
Critical
CVE-2020-7772
was published
for
doc-path
(npm)
May 10, 2021
Prototype pollution in json8-merge-patch
High
CVE-2020-8268
was published
for
json8-merge-patch
(npm)
May 10, 2021
Prototype Pollution in copy-props
High
CVE-2020-28503
was published
for
copy-props
(npm)
Jan 6, 2022
Prototype Pollution in iniparserjs
Moderate
CVE-2021-23328
was published
for
iniparserjs
(npm)
Apr 13, 2021
Prototype pollution in set-object-value
Critical
CVE-2020-28281
was published
for
set-object-value
(npm)
Apr 13, 2021
Prototype Pollution in multi-ini
Critical
CVE-2020-28448
was published
for
multi-ini
(npm)
Apr 13, 2021
Prototype Pollution Vulnerability in object-collider
Critical
CVE-2021-25914
was published
for
object-collider
(npm)
Mar 19, 2021
Prototype Pollution in Node-Red
High
CVE-2021-21297
was published
for
@node-red/runtime
(npm)
Feb 26, 2021
Prototype Pollution in jsgui-lang-essentials
High
CVE-2022-25301
was published
for
jsgui-lang-essentials
(npm)
May 3, 2022
ProTip!
Advisories are also available from the
GraphQL API