GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
412 advisories
Prototype Pollution in @commercial/subtext
High | GHSA-36c4-4r89-6whg was published for @commercial/subtext (npm) | Sep 3, 2020
Improperly Controlled Modification of Object Prototype Attributes
High | GHSA-6cj2-92m5-7mvp was published for think-config (npm) | Aug 3, 2021
Prototype Pollution in node-forge debug API.
Low | GHSA-5rrq-pxf6-6jx5 was published for node-forge (npm) | Jan 8, 2022
Prototype pollution in min-dash < 3.8.1
High | GHSA-2m53-83f3-562j was published for min-dash (npm) | Feb 1, 2022
Command injection in Parse Server through prototype pollution
Critical | CVE-2022-24760 was published for parse-server (npm) | Mar 11, 2022
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote...
Moderate | Unreviewed | CVE-2021-43956 was published | Mar 17, 2022
yargs-parser Vulnerable to Prototype Pollution
Moderate | CVE-2020-7608 was published for yargs-parser (npm) | Sep 4, 2020
Prototype Pollution in algoliasearch-helper
Critical | CVE-2021-23433 was published for algoliasearch-helper (npm) | Nov 23, 2021
Prototype pollution vulnerability in js-extend
Critical | CVE-2021-25945 was published for js-extend (npm) | Jun 8, 2021
Prototype pollution in just-safe-set
Critical | CVE-2021-25952 was published for just-safe-set (npm) | Dec 10, 2021
Prototype Pollution in libnested
Critical | CVE-2022-25352 was published for libnested (npm) | Mar 18, 2022
Sandbox escape in notevil and argencoders-notevil
Moderate | CVE-2021-23771 was published for argencoders-notevil (npm) | Mar 18, 2022
Prototype pollution in supermixer
High | CVE-2020-24939 was published for supermixer (npm) | Dec 10, 2021
Prototype Pollution in deepmerge-ts
High | CVE-2022-24802 was published for deepmerge-ts (npm) | Apr 1, 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired...
High | Unreviewed | CVE-2022-2200 was published | Dec 22, 2022
Prototype Pollution in fullpage.js
High | CVE-2022-1295 was published for fullpage.js (npm) | Apr 12, 2022
Prototype Pollution in madlib-object-utils
High | CVE-2022-24279 was published for madlib-object-utils (npm) | Apr 16, 2022
ProTip! Advisories are also available from the GraphQL API