GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
81 advisories
xml2js is vulnerable to prototype pollution
Moderate | CVE-2023-0842 was published for xml2js (npm) | Apr 5, 2023

Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
Moderate | Unreviewed | CVE-2022-3901 was published | Feb 20, 2023

deep-object-diff vulnerable to Prototype Pollution
Moderate | CVE-2022-41713 was published for deep-object-diff (npm) | Nov 4, 2022

fastest-json-copy vulnerable to Prototype Pollution
Moderate | CVE-2022-41714 was published for fastest-json-copy (npm) | Nov 4, 2022

deep-parse-json vulnerable to Prototype Pollution
Moderate | CVE-2022-42743 was published for deep-parse-json (npm) | Nov 4, 2022

express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
Moderate | CVE-2022-21169 was published for express-xss-sanitizer (npm) | Sep 27, 2022

@ianwalter/merge Prototype Pollution via `merge` function
Moderate | CVE-2021-23397 was published for @ianwalter/merge (npm) | Jul 26, 2022

Prototype Pollution in querymen
Moderate | CVE-2022-25871 was published for querymen (npm) | Jun 18, 2022

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard...
Moderate | Unreviewed | CVE-2019-17317 was published | May 24, 2022

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration...
Moderate | Unreviewed | CVE-2019-17315 was published | May 24, 2022

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a...
Moderate | Unreviewed | CVE-2019-17316 was published | May 24, 2022

Sandbox escape in notevil and argencoders-notevil
Moderate | CVE-2021-23771 was published for argencoders-notevil (npm) | Mar 18, 2022

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote...
Moderate | Unreviewed | CVE-2021-43956 was published | Mar 17, 2022

Prototype Pollution in jquery.cookie
Moderate | CVE-2022-23395 was published for jquery.cookie (NuGet) | Mar 3, 2022

Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.
Moderate | Unreviewed | CVE-2022-0432 was published | Feb 3, 2022

Client-Side JavaScript Prototype Pollution in oro/platform
Moderate | CVE-2021-43852 was published for oro/platform (Composer) | Jan 6, 2022

Prototype Pollution in merge-deep2.
Moderate | CVE-2021-23700 was published for merge-deep2 (npm) | Dec 16, 2021

Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware
Moderate | CVE-2020-7616 was published for express-mock-middleware (npm) | Dec 9, 2021