Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

150 advisories

Loading
mysql2 vulnerable to Prototype Pollution High
CVE-2024-21512 was published for mysql2 (npm) May 30, 2024
json-schema-ref-parser Prototype Pollution issue High
CVE-2024-29651 was published for @apidevtools/json-schema-ref-parser (npm) May 20, 2024
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function High
CVE-2024-32866 was published for @conform-to/dom (npm) Apr 23, 2024
key-moon vtsvetkov-splunk
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability High
CVE-2024-30564 was published for @andrei-tatar/nora-firebase-common (npm) Apr 18, 2024
web3-utils Prototype Pollution vulnerability High
CVE-2024-21505 was published for web3-utils (npm) Mar 27, 2024
@thi.ng/paths Prototype Pollution vulnerability High
CVE-2024-29650 was published for @thi.ng/paths (npm) Mar 25, 2024
Duplicate Advisory: web3-utils Prototype Pollution vulnerability High
GHSA-87qp-7cw8-8q9c was published for web3-utils (npm) Mar 25, 2024 withdrawn
A prototype pollution vulnerability has been reported to affect several QNAP operating system... High Unreviewed
CVE-2023-39296 was published Jan 5, 2024
mockjs vulnerable to Prototype Pollution via the Util.extend function High
CVE-2023-26158 was published for mockjs (npm) Dec 8, 2023
sequelize-typescript Prototype Pollution vulnerability High
CVE-2023-6293 was published for sequelize-typescript (npm) Nov 24, 2023
Prototype Pollution(PP) vulnerability in setByPath High
CVE-2023-45827 was published for @clickbar/dot-diver (npm) Nov 3, 2023
d3ng03 GAP-dev
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution High
CVE-2023-45811 was published for deobfuscator (npm) Oct 18, 2023
SteakEnthusiast
Prototype Pollution in NASA Open MCT High
CVE-2023-45282 was published for openmct (npm) Oct 6, 2023
underscore-keypath vulnerable to Prototype Pollution High
CVE-2023-26139 was published for underscore-keypath (npm) Aug 1, 2023
flatnest Prototype Pollution vulnerability High
CVE-2023-26135 was published for flatnest (npm) Jun 30, 2023
progressbar.js vulnerable to Prototype Pollution High
CVE-2023-26133 was published for progressbar.js (npm) Jun 12, 2023
kimmobrunfeldt juburr
dottie vulnerable to Prototype Pollution High
CVE-2023-26132 was published for dottie (npm) Jun 10, 2023
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
Prototype pollution in matrix-js-sdk (part 2) High
CVE-2023-28427 was published for matrix-js-sdk (npm) Mar 30, 2023
Prototype pollution in matrix-react-sdk High
CVE-2023-28103 was published for matrix-react-sdk (npm) Mar 29, 2023
matrix-react-sdk Prototype pollution vulnerability High
CVE-2022-36060 was published for matrix-react-sdk (npm) Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability High
CVE-2022-36059 was published for matrix-js-sdk (npm) Mar 28, 2023
Collection.js vulnerable to Prototype Pollution High
CVE-2023-26113 was published for collection.js (npm) Mar 18, 2023
dot-lens vulnerable to Prototype Pollution High
CVE-2023-26106 was published for dot-lens (npm) Mar 6, 2023
mde utilities contains Prototype Pollution High
CVE-2023-26105 was published for utilities (npm) Feb 28, 2023
phanect
ProTip! Advisories are also available from the GraphQL API