Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (npm) Jul 26, 2018
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Prototype Pollution in minimist Moderate
CVE-2020-7598 was published for minimist (npm) Apr 3, 2020
ayatweb
Prototype pollution in class-transformer Moderate
CVE-2020-7637 was published for class-transformer (npm) Apr 7, 2020
confinit vulnerable to prototype pollution Moderate
CVE-2020-7638 was published for confinit (npm) Apr 7, 2020
Prototype Pollution in smart-extend Moderate
GHSA-f8h3-rqrm-47v9 was published for smart-extend (npm) Sep 2, 2020
Prototype Pollution in sds Moderate
CVE-2020-7618 was published for sds (npm) Sep 3, 2020
Sandbox Breakout / Prototype Pollution in notevil Moderate
GHSA-9gxr-rhx6-4jgv was published for notevil (npm) Sep 4, 2020
yargs-parser Vulnerable to Prototype Pollution Moderate
CVE-2020-7608 was published for yargs-parser (npm) Sep 4, 2020
Prototype Pollution in mergify Moderate
GHSA-3f95-w5h5-fq86 was published for mergify (npm) Sep 11, 2020
Prototype poisoning Moderate
CVE-2021-21368 was published for msgpack5 (npm) Mar 12, 2021
ninevra
Prototype Pollution in iniparserjs Moderate
CVE-2021-23328 was published for iniparserjs (npm) Apr 13, 2021
Prototype pollution in multi-ini Moderate
CVE-2020-28460 was published for multi-ini (npm) Apr 13, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen Moderate
CVE-2020-7600 was published for querymen (npm) May 7, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util Moderate
CVE-2019-10806 was published for vega-util (npm) May 7, 2021
Prototype pollution in json-pointer Moderate
CVE-2020-7709 was published for json-pointer (npm) May 10, 2021
Prototype pollution in @tsed/core Moderate
CVE-2020-7748 was published for @tsed/core (npm) May 10, 2021
eivindfjeldstad-dot contains prototype pollution vulnerability Moderate
CVE-2020-7639 was published for @eivifj/dot (npm) May 25, 2021
Prototype Pollution in lutils Moderate
CVE-2021-23396 was published for lutils (npm) Jun 21, 2021
Prototype Pollution in GraphHopper Moderate
CVE-2021-23408 was published for com.graphhopper:graphhopper-web-bundle (Maven) Aug 2, 2021
Remote Code Execution via unsafe classes in otherwise permitted modules Moderate
CVE-2021-32807 was published for AccessControl (pip) Aug 5, 2021
jszip Vulnerable to Prototype Pollution Moderate
CVE-2021-23413 was published for jszip (npm) Aug 10, 2021
kalinkrustev
Prototype Pollution in deepmergefn Moderate
CVE-2021-23417 was published for deepmergefn (npm) Aug 10, 2021
Prototype Pollution in open-graph Moderate
CVE-2021-23419 was published for open-graph (npm) Sep 1, 2021
Prototype Pollution in object-path Moderate
CVE-2021-23434 was published for object-path (npm) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API