Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

367 advisories

Loading
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross... Moderate Unreviewed
CVE-2023-2582 was published May 8, 2023
Possible prototype pollution in metadata record, when using meta decorator Low
CVE-2023-30857 was published for @aedart/support (npm) May 1, 2023
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization Critical
CVE-2023-26122 was published for safe-eval (npm) Apr 11, 2023
safe-eval vulnerable to Prototype Pollution via the safeEval function Critical
CVE-2023-26121 was published for safe-eval (npm) Apr 11, 2023
xml2js is vulnerable to prototype pollution Moderate
CVE-2023-0842 was published for xml2js (npm) Apr 5, 2023
brokenedtzjs OIRNOIR
simonkrol Harrington-Joe_pfghub G-Rath
Prototype pollution in matrix-js-sdk (part 2) High
CVE-2023-28427 was published for matrix-js-sdk (npm) Mar 30, 2023
Prototype pollution in matrix-react-sdk High
CVE-2023-28103 was published for matrix-react-sdk (npm) Mar 29, 2023
matrix-react-sdk Prototype pollution vulnerability High
CVE-2022-36060 was published for matrix-react-sdk (npm) Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability High
CVE-2022-36059 was published for matrix-js-sdk (npm) Mar 28, 2023
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
dot-lens vulnerable to Prototype Pollution High
CVE-2023-26106 was published for dot-lens (npm) Mar 6, 2023
mde utilities contains Prototype Pollution High
CVE-2023-26105 was published for utilities (npm) Feb 28, 2023
phanect
rangy vulnerable to Prototype Pollution High
CVE-2023-26102 was published for rangy (npm) Feb 24, 2023
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an... High Unreviewed
CVE-2023-23917 was published Feb 23, 2023
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system. Moderate Unreviewed
CVE-2022-3901 was published Feb 20, 2023
Baobab vulnerable to Prototype Pollution Critical
CVE-2021-4307 was published for baobab (npm) Jan 7, 2023
Prototype Pollution in JSON5 via Parse Method High
CVE-2022-46175 was published for json5 (npm) Dec 29, 2022
jdgregson karlhorky
jordanbtucker jakebailey ebroder kenkku gazben BGehrels mrgrain sigma-z viceice burdeasa sirenevenkii edwardlee-msft
json-pointer vulnerable to Prototype Pollution Critical
CVE-2022-4742 was published for json-pointer (npm) Dec 26, 2022
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability High
CVE-2021-4279 was published for fast-json-patch (npm) Dec 25, 2022
sharonbz
flat vulnerable to Prototype Pollution Critical
CVE-2020-36632 was published for flat (npm) Dec 25, 2022
tree-kit vulnerable to Prototype Pollution High
CVE-2021-4278 was published for tree-kit (npm) Dec 25, 2022
An attacker could have sent a message to the parent process where the contents were used to... High Unreviewed
CVE-2022-1529 was published Dec 22, 2022
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype... High Unreviewed
CVE-2022-1802 was published Dec 22, 2022
ProTip! Advisories are also available from the GraphQL API