Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

365 advisories

Loading
Prototype pollution in Snowboard framework High
CVE-2022-39357 was published for wintercms/winter (Composer) Oct 27, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution Critical
CVE-2022-29823 was published for feathers-sequelize (npm) Oct 26, 2022
Churro
Grunt-karma vulnerable to prototype pollution Critical
CVE-2022-37602 was published for grunt-karma (npm) Oct 14, 2022
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
mockery is vulnerable to prototype pollution Critical
CVE-2022-37614 was published for mockery (npm) Oct 12, 2022
akaustav
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37617 was published for browserify-shim (npm) Oct 12, 2022
tschaub gh-pages vulnerable to prototype pollution Critical
CVE-2022-37611 was published for gh-pages (npm) Oct 12, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom Critical
CVE-2022-37616 was published for @xmldom/xmldom (npm) Oct 11, 2022 withdrawn
secdevlpr26 bchew
tzimmermann mrtc0 karfau
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute Moderate
CVE-2022-21169 was published for express-xss-sanitizer (npm) Sep 27, 2022
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
steal vulnerable to Prototype Pollution via alias variable Critical
CVE-2022-37265 was published for steal (npm) Sep 21, 2022
steal vulnerable to Prototype Pollution Critical
CVE-2022-37258 was published for steal (npm) Sep 17, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable Critical
CVE-2022-37257 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js Critical
CVE-2022-37266 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via optionName variable Critical
CVE-2022-37264 was published for steal (npm) Sep 16, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object Critical
CVE-2022-24304 was published for mongoose (npm) Aug 27, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution Critical
CVE-2022-25907 was published for ts-deepmerge (npm) Aug 10, 2022
automattic/mongoose vulnerable to Prototype pollution via Schema.path High
CVE-2022-2564 was published for mongoose (npm) Jul 29, 2022
vovikhangcdv neeraj-vts
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 Critical
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` Critical
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022
set-deep-prop Prototype Pollution Critical
CVE-2021-23373 was published for set-deep-prop (npm) Jul 26, 2022
@ianwalter/merge Prototype Pollution via `merge` function Moderate
CVE-2021-23397 was published for @ianwalter/merge (npm) Jul 26, 2022
RDIL
Properties-Reader before v2.2.0 vulnerable to prototype pollution Critical
CVE-2020-28471 was published for properties-reader (npm) Jul 19, 2022
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload High
CVE-2020-7641 was published for grunt-util-property (npm) Jul 18, 2022
ProTip! Advisories are also available from the GraphQL API