Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,975
Maven
5,000+
npm
3,698
NuGet
654
pip
3,314
Pub
11
RubyGems
882
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
Prototype Pollution Critical
CVE-2021-25948 was published for expand-hash (npm) Jun 21, 2021
Prototype Pollution in algoliasearch-helper Critical
CVE-2021-23433 was published for algoliasearch-helper (npm) Nov 23, 2021
Prototype pollution vulnerability in js-extend Critical
CVE-2021-25945 was published for js-extend (npm) Jun 8, 2021
Prototype Pollution in set-in Critical
CVE-2022-25354 was published for set-in (npm) Mar 18, 2022
Prototype polluation in just-safe-set Critical
CVE-2021-25952 was published for just-safe-set (npm) Dec 10, 2021
Prototype Pollution in libnested Critical
CVE-2022-25352 was published for libnested (npm) Mar 18, 2022
Prototype Pollution in Sails.js Critical
CVE-2021-44908 was published for sails (npm) Mar 18, 2022
set-deep-prop Prototype Pollution Critical
CVE-2021-23373 was published for set-deep-prop (npm) Jul 26, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 Critical
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` Critical
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse` Critical
CVE-2020-28461 was published for js-ini (npm) Jul 26, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution Critical
CVE-2022-25907 was published for ts-deepmerge (npm) Aug 10, 2022
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
Prototype Pollution in arr-flatten-unflatten Critical
CVE-2020-7713 was published for arr-flatten-unflatten (npm) May 6, 2021
Prototype Pollution in connie-lang Critical
CVE-2020-7706 was published for connie-lang (npm) May 6, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts Critical
CVE-2019-0230 was published for org.apache.struts:struts2-core (Maven) Dec 2, 2021
Prototype Pollution in nis-utils Critical
CVE-2020-7703 was published for nis-utils (npm) May 6, 2021
Prototype Pollution in madlib-object-utils Critical
CVE-2020-7701 was published for madlib-object-utils (npm) May 6, 2021
Prototype Pollution in express-fileupload Critical
CVE-2020-7699 was published for express-fileupload (npm) Aug 5, 2020
Prototype Pollution in property-expr Critical
CVE-2020-7707 was published for property-expr (npm) May 6, 2021
Prototype Pollution in templ8 Critical
CVE-2020-7702 was published for templ8 (npm) May 6, 2021
Autobinding vulnerability in MITREid Connect Critical
CVE-2021-27582 was published for org.mitre:openid-connect-parent (Maven) May 13, 2021
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This... Critical Unreviewed
CVE-2020-12079 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database