Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

367 advisories

Loading
If an object prototype was corrupted by an attacker, they would have been able to set undesired... High Unreviewed
CVE-2022-2200 was published Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution High
CVE-2021-4264 was published for dustjs-linkedin (npm) Dec 21, 2022
safe-eval vulnerable to Prototype Pollution Critical
CVE-2022-25904 was published for safe-eval (npm) Dec 20, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
qs vulnerable to Prototype Pollution High
CVE-2022-24999 was published for qs (npm) Nov 27, 2022
dougwilson
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks High
CVE-2022-41879 was published for parse-server (npm) Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers High
CVE-2022-41878 was published for parse-server (npm) Nov 9, 2022
Remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2022-39396 was published for parse-server (npm) Nov 8, 2022
fastest-json-copy vulnerable to Prototype Pollution Moderate
CVE-2022-41714 was published for fastest-json-copy (npm) Nov 4, 2022
deep-parse-json vulnerable to Prototype Pollution Moderate
CVE-2022-42743 was published for deep-parse-json (npm) Nov 4, 2022
deep-object-diff vulnerable to Prototype Pollution Moderate
CVE-2022-41713 was published for deep-object-diff (npm) Nov 4, 2022
diracdeltas ThisIsMissEm
odmana anogr
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37623 was published for browserify-shim (npm) Oct 31, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37621 was published for browserify-shim (npm) Oct 29, 2022
Prototype pollution in Snowboard framework High
CVE-2022-39357 was published for wintercms/winter (Composer) Oct 27, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the... Critical Unreviewed
CVE-2022-37598 was published Oct 20, 2022
Grunt-karma vulnerable to prototype pollution Critical
CVE-2022-37602 was published for grunt-karma (npm) Oct 14, 2022
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
mockery is vulnerable to prototype pollution Critical
CVE-2022-37614 was published for mockery (npm) Oct 12, 2022
akaustav
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in... Critical Unreviewed
CVE-2022-37609 was published Oct 12, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37617 was published for browserify-shim (npm) Oct 12, 2022
tschaub gh-pages vulnerable to prototype pollution Critical
CVE-2022-37611 was published for gh-pages (npm) Oct 12, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom Critical
CVE-2022-37616 was published for @xmldom/xmldom (npm) Oct 11, 2022 withdrawn
secdevlpr26 bchew
tzimmermann mrtc0 karfau
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute Moderate
CVE-2022-21169 was published for express-xss-sanitizer (npm) Sep 27, 2022
ProTip! Advisories are also available from the GraphQL API