GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,273
Erlang: 31
GitHub Actions: 21
Go: 2,055
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,417
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
365 advisories
Prototype Pollution in set-value (Critical): CVE-2019-10747 was published for set-value (npm), Aug 27, 2019
assign-deep Vulnerable to Prototype Pollution (High): CVE-2019-10745 was published for assign-deep (npm), Aug 21, 2019
Deserialization of untrusted data in FasterXML jackson-databind (Critical): CVE-2019-14379 was published for com.fasterxml.jackson.core:jackson-databind (Maven), Aug 1, 2019
Prototype Pollution in @apollo/gateway (High): GHSA-74cr-77xc-8g6r was published for @apollo/gateway (npm), Jun 13, 2019
Prototype Pollution in querystringify (High): GHSA-hxcm-v35h-mg2x was published for querystringify (npm), Jun 7, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products (Moderate): CVE-2019-11358 was published for django (RubyGems), Apr 26, 2019
Prototype Pollution in just-extend (Critical): CVE-2018-16489 was published for just-extend (npm), Feb 7, 2019
Prototype Pollution in async merge-object (Critical): CVE-2018-3753 was published for merge-object (npm), Sep 18, 2018
Prototype Pollution in assign-deep (High): CVE-2018-3720 was published for assign-deep (npm), Jul 26, 2018
ProTip! Advisories are also available from the GraphQL API.