GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
32 advisories
Filter by severity
adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function...
Moderate
Unreviewed
CVE-2024-39853
was published
Jul 1, 2024
che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function...
High
Unreviewed
CVE-2024-39016
was published
Jul 1, 2024
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function...
High
Unreviewed
CVE-2024-39003
was published
Jul 1, 2024
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function...
Moderate
Unreviewed
CVE-2024-39000
was published
Jul 1, 2024
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config....
High
Unreviewed
CVE-2024-38998
was published
Jul 1, 2024
A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute...
High
Unreviewed
CVE-2024-36583
was published
Jun 17, 2024
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16...
Moderate
Unreviewed
CVE-2024-2495
was published
Mar 15, 2024
A prototype pollution vulnerability has been reported to affect several QNAP operating system...
High
Unreviewed
CVE-2023-39296
was published
Jan 5, 2024
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js...
Critical
Unreviewed
CVE-2023-1717
was published
Nov 1, 2023
The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype...
Moderate
Unreviewed
CVE-2023-3965
was published
Oct 20, 2023
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype...
Moderate
Unreviewed
CVE-2023-3962
was published
Oct 20, 2023
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2023-3933
was published
Oct 20, 2023
The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability...
Critical
Unreviewed
CVE-2023-3186
was published
Jul 17, 2023
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross...
Moderate
Unreviewed
CVE-2023-2582
was published
May 8, 2023
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an...
High
Unreviewed
CVE-2023-23917
was published
Feb 23, 2023
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
Moderate
Unreviewed
CVE-2022-3901
was published
Feb 20, 2023
An attacker could have sent a message to the parent process where the contents were used to...
High
Unreviewed
CVE-2022-1529
was published
Dec 22, 2022
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype...
High
Unreviewed
CVE-2022-1802
was published
Dec 22, 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired...
High
Unreviewed
CVE-2022-2200
was published
Dec 22, 2022
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the...
Critical
Unreviewed
CVE-2022-37598
was published
Oct 20, 2022
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in...
Critical
Unreviewed
CVE-2022-37609
was published
Oct 12, 2022
A vulnerability found in postgresql. On this security issue an attack requires permission to...
High
Unreviewed
CVE-2022-2625
was published
Aug 19, 2022
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This...
Critical
Unreviewed
CVE-2020-12079
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard...
Moderate
Unreviewed
CVE-2019-17317
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration...
Moderate
Unreviewed
CVE-2019-17315
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API