Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

208 advisories

Loading
Prototype pollution in matrix-js-sdk (part 2) High
CVE-2023-28427 was published for matrix-js-sdk (npm) Mar 30, 2023
Prototype pollution in matrix-react-sdk High
CVE-2023-28103 was published for matrix-react-sdk (npm) Mar 29, 2023
matrix-react-sdk Prototype pollution vulnerability High
CVE-2022-36060 was published for matrix-react-sdk (npm) Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability High
CVE-2022-36059 was published for matrix-js-sdk (npm) Mar 28, 2023
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
dot-lens vulnerable to Prototype Pollution High
CVE-2023-26106 was published for dot-lens (npm) Mar 6, 2023
mde utilities contains Prototype Pollution High
CVE-2023-26105 was published for utilities (npm) Feb 28, 2023
phanect
rangy vulnerable to Prototype Pollution High
CVE-2023-26102 was published for rangy (npm) Feb 24, 2023
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an... High Unreviewed
CVE-2023-23917 was published Feb 23, 2023
convict vulnerable to Prototype Pollution High
CVE-2023-0163 was published for convict (npm) Jan 10, 2023
Captain-K-101
Prototype Pollution in JSON5 via Parse Method High
CVE-2022-46175 was published for json5 (npm) Dec 29, 2022
jdgregson karlhorky
jordanbtucker jakebailey ebroder kenkku gazben BGehrels mrgrain sigma-z viceice burdeasa sirenevenkii edwardlee-msft
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability High
CVE-2021-4279 was published for fast-json-patch (npm) Dec 25, 2022
sharonbz
tree-kit vulnerable to Prototype Pollution High
CVE-2021-4278 was published for tree-kit (npm) Dec 25, 2022
An attacker could have sent a message to the parent process where the contents were used to... High Unreviewed
CVE-2022-1529 was published Dec 22, 2022
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype... High Unreviewed
CVE-2022-1802 was published Dec 22, 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired... High Unreviewed
CVE-2022-2200 was published Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
qs vulnerable to Prototype Pollution High
CVE-2022-24999 was published for qs (npm) Nov 27, 2022
dougwilson
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks High
CVE-2022-41879 was published for parse-server (npm) Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers High
CVE-2022-41878 was published for parse-server (npm) Nov 9, 2022
Prototype pollution in Snowboard framework High
CVE-2022-39357 was published for wintercms/winter (Composer) Oct 27, 2022
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
A vulnerability found in postgresql. On this security issue an attack requires permission to... High Unreviewed
CVE-2022-2625 was published Aug 19, 2022
automattic/mongoose vulnerable to Prototype pollution via Schema.path High
CVE-2022-2564 was published for mongoose (npm) Jul 29, 2022
vovikhangcdv neeraj-vts
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload High
CVE-2020-7641 was published for grunt-util-property (npm) Jul 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database