GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
133 advisories
Filter by severity
Prototype Pollution in async merge-object
Critical
CVE-2018-3753
was published
for
merge-object
(npm)
Sep 18, 2018
Prototype Pollution in just-extend
Critical
CVE-2018-16489
was published
for
just-extend
(npm)
Feb 7, 2019
Deserialization of untrusted data in FasterXML jackson-databind
Critical
CVE-2019-14379
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Aug 1, 2019
Prototype Pollution in set-value
Critical
CVE-2019-10747
was published
for
set-value
(npm)
Aug 27, 2019
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
Prototype Pollution in express-fileupload
Critical
CVE-2020-7699
was published
for
express-fileupload
(npm)
Aug 5, 2020
Prototype Pollution Vulnerability in object-collider
Critical
CVE-2021-25914
was published
for
object-collider
(npm)
Mar 19, 2021
Prototype Pollution in set-or-get
Critical
CVE-2021-25913
was published
for
set-or-get
(npm)
Apr 12, 2021
Prototype Pollution in multi-ini
Critical
CVE-2020-28448
was published
for
multi-ini
(npm)
Apr 13, 2021
Prototype pollution in set-object-value
Critical
CVE-2020-28281
was published
for
set-object-value
(npm)
Apr 13, 2021
Prototype Pollution in madlib-object-utils
Critical
CVE-2020-7701
was published
for
madlib-object-utils
(npm)
May 6, 2021
Prototype Pollution in nis-utils
Critical
CVE-2020-7703
was published
for
nis-utils
(npm)
May 6, 2021
Prototype Pollution in irrelon-path and @irrelon/path
Critical
CVE-2020-7708
was published
for
@irrelon/path
(npm)
May 6, 2021
Prototype Pollution in connie-lang
Critical
CVE-2020-7706
was published
for
connie-lang
(npm)
May 6, 2021
Prototype Pollution in property-expr
Critical
CVE-2020-7707
was published
for
property-expr
(npm)
May 6, 2021
Prototype Pollution in arr-flatten-unflatten
Critical
CVE-2020-7713
was published
for
arr-flatten-unflatten
(npm)
May 6, 2021
Prototype Pollution in dot-notes
Critical
CVE-2020-7717
was published
for
dot-notes
(npm)
May 6, 2021
Prototype Pollution in confucious
Critical
CVE-2020-7714
was published
for
confucious
(npm)
May 6, 2021
Prototype Pollution in node-oojs
Critical
CVE-2020-7721
was published
for
node-oojs
(npm)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API