Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Loading
Prototype Pollution in decal High
CVE-2020-28450 was published for decal (npm) Apr 13, 2021
Prototype Pollution in gammautils Critical
CVE-2020-7718 was published for gammautils (npm) May 6, 2021
Prototype Pollution in mpath High
CVE-2018-16490 was published for mpath (npm) Feb 7, 2019
Prototype Pollution in just-extend Critical
CVE-2018-16489 was published for just-extend (npm) Feb 7, 2019
objection.js Prototype Pollution vulnerability Critical
CVE-2021-3766 was published for objection (npm) Sep 7, 2021
Prototype pollution in getobject Critical
CVE-2020-28282 was published for getobject (npm) Oct 12, 2021
Prototype Pollution in merge High
CVE-2018-16469 was published for merge (npm) Nov 1, 2018
Prototype Pollution in irrelon-path and @irrelon/path Critical
CVE-2020-7708 was published for @irrelon/path (npm) May 6, 2021
Prototype Pollution in deephas Critical
CVE-2020-28271 was published for deephas (npm) Sep 24, 2021
Prototype Pollution in sey Moderate
CVE-2021-23663 was published for sey (npm) Dec 16, 2021
Prototype Pollution in object-path Moderate
CVE-2021-23434 was published for object-path (npm) Sep 1, 2021
Prototype Pollution in field Critical
CVE-2020-28269 was published for field (npm) Dec 10, 2021
Prototype Pollution in assign-deep High
CVE-2018-3720 was published for assign-deep (npm) Jul 26, 2018
Prototype Pollution in comb Moderate
CVE-2021-23561 was published for comb (npm) Dec 16, 2021
Prototype Pollution in record-like-deep-assign High
CVE-2021-23402 was published for record-like-deep-assign (npm) Dec 10, 2021
Deserialization of untrusted data in FasterXML jackson-databind Critical
CVE-2019-14379 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs High
CVE-2020-7679 was published for casperjs (npm) May 17, 2021
set-getter Prototype Pollution Vulnerability Critical
CVE-2021-25949 was published for set-getter (npm) Jun 21, 2021
Prototype pollution in total.js High
CVE-2020-28495 was published for total.js (npm) Feb 5, 2021
jszip Vulnerable to Prototype Pollution Moderate
CVE-2021-23413 was published for jszip (npm) Aug 10, 2021
kalinkrustev
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
Prototype Pollution in ali-security/mongoose Critical
GHSA-rc4v-99cr-pjcm was published for @seal-security/mongoose-fixed (npm) Oct 17, 2023
keyget vulnerable to prototype pollution Critical
CVE-2020-28272 was published for keyget (npm) May 24, 2022
Changeset vulnerable to prototype pollution Critical
CVE-2021-25915 was published for changeset (npm) May 24, 2022
Grunt-karma vulnerable to prototype pollution Critical
CVE-2022-37602 was published for grunt-karma (npm) Oct 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database