GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
367 advisories
Filter by severity
If an object prototype was corrupted by an attacker, they would have been able to set undesired...
High
Unreviewed
CVE-2022-2200
was published
Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
safe-eval vulnerable to Prototype Pollution
Critical
CVE-2022-25904
was published
for
safe-eval
(npm)
Dec 20, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical
CVE-2020-36618
was published
for
whois
(npm)
Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution
Critical
CVE-2021-4245
was published
for
rfc6902
(npm)
Dec 15, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
High
CVE-2022-41879
was published
for
parse-server
(npm)
Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
High
CVE-2022-41878
was published
for
parse-server
(npm)
Nov 9, 2022
Remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2022-39396
was published
for
parse-server
(npm)
Nov 8, 2022
fastest-json-copy vulnerable to Prototype Pollution
Moderate
CVE-2022-41714
was published
for
fastest-json-copy
(npm)
Nov 4, 2022
deep-parse-json vulnerable to Prototype Pollution
Moderate
CVE-2022-42743
was published
for
deep-parse-json
(npm)
Nov 4, 2022
deep-object-diff vulnerable to Prototype Pollution
Moderate
CVE-2022-41713
was published
for
deep-object-diff
(npm)
Nov 4, 2022
thlorenz browserify-shim vulnerable to prototype pollution
Critical
CVE-2022-37623
was published
for
browserify-shim
(npm)
Oct 31, 2022
thlorenz browserify-shim vulnerable to prototype pollution
Critical
CVE-2022-37621
was published
for
browserify-shim
(npm)
Oct 29, 2022
Prototype pollution in Snowboard framework
High
CVE-2022-39357
was published
for
wintercms/winter
(Composer)
Oct 27, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Critical
CVE-2022-29823
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the...
Critical
Unreviewed
CVE-2022-37598
was published
Oct 20, 2022
Grunt-karma vulnerable to prototype pollution
Critical
CVE-2022-37602
was published
for
grunt-karma
(npm)
Oct 14, 2022
Prototype pollution in webpack loader-utils
Critical
CVE-2022-37601
was published
for
loader-utils
(npm)
Oct 13, 2022
mockery is vulnerable to prototype pollution
Critical
CVE-2022-37614
was published
for
mockery
(npm)
Oct 12, 2022
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in...
Critical
Unreviewed
CVE-2022-37609
was published
Oct 12, 2022
thlorenz browserify-shim vulnerable to prototype pollution
Critical
CVE-2022-37617
was published
for
browserify-shim
(npm)
Oct 12, 2022
tschaub gh-pages vulnerable to prototype pollution
Critical
CVE-2022-37611
was published
for
gh-pages
(npm)
Oct 12, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
Critical
CVE-2022-37616
was published
for
@xmldom/xmldom
(npm)
Oct 11, 2022
•
withdrawn
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
Moderate
CVE-2022-21169
was published
for
express-xss-sanitizer
(npm)
Sep 27, 2022
ProTip!
Advisories are also available from the
GraphQL API