Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
Command injection in Parse Server through prototype pollution Critical
CVE-2022-24760 was published for parse-server (npm) Mar 11, 2022
yuske cristianstaicu
musard mtrezza
Prototype Pollution in algoliasearch-helper Critical
CVE-2021-23433 was published for algoliasearch-helper (npm) Nov 23, 2021
Prototype Pollution Critical
CVE-2021-25948 was published for expand-hash (npm) Jun 21, 2021
Prototype pollution vulnerability in js-extend Critical
CVE-2021-25945 was published for js-extend (npm) Jun 8, 2021
Prototype Pollution in set-in Critical
CVE-2022-25354 was published for set-in (npm) Mar 18, 2022
Prototype polluation in just-safe-set Critical
CVE-2021-25952 was published for just-safe-set (npm) Dec 10, 2021
Prototype Pollution in libnested Critical
CVE-2022-25352 was published for libnested (npm) Mar 18, 2022
Prototype Pollution in Sails.js Critical
CVE-2021-44908 was published for sails (npm) Mar 18, 2022
set-deep-prop Prototype Pollution Critical
CVE-2021-23373 was published for set-deep-prop (npm) Jul 26, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 Critical
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` Critical
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse` Critical
CVE-2020-28461 was published for js-ini (npm) Jul 26, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution Critical
CVE-2022-25907 was published for ts-deepmerge (npm) Aug 10, 2022
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
Prototype Pollution in arr-flatten-unflatten Critical
CVE-2020-7713 was published for arr-flatten-unflatten (npm) May 6, 2021
Prototype Pollution in connie-lang Critical
CVE-2020-7706 was published for connie-lang (npm) May 6, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts Critical
CVE-2019-0230 was published for org.apache.struts:struts2-core (Maven) Dec 2, 2021
Prototype Pollution in nis-utils Critical
CVE-2020-7703 was published for nis-utils (npm) May 6, 2021
Prototype Pollution in madlib-object-utils Critical
CVE-2020-7701 was published for madlib-object-utils (npm) May 6, 2021
Prototype Pollution in express-fileupload Critical
CVE-2020-7699 was published for express-fileupload (npm) Aug 5, 2020
Prototype Pollution in property-expr Critical
CVE-2020-7707 was published for property-expr (npm) May 6, 2021
Prototype Pollution in templ8 Critical
CVE-2020-7702 was published for templ8 (npm) May 6, 2021
Autobinding vulnerability in MITREid Connect Critical
CVE-2021-27582 was published for org.mitre:openid-connect-parent (Maven) May 13, 2021
flat vulnerable to Prototype Pollution Critical
CVE-2020-36632 was published for flat (npm) Dec 25, 2022
ProTip! Advisories are also available from the GraphQL API