Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

352 advisories

Loading
Grunt-karma vulnerable to prototype pollution Critical
CVE-2022-37602 was published for grunt-karma (npm) Oct 14, 2022
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
mockery is vulnerable to prototype pollution Critical
CVE-2022-37614 was published for mockery (npm) Oct 12, 2022
akaustav
tschaub gh-pages vulnerable to prototype pollution Critical
CVE-2022-37611 was published for gh-pages (npm) Oct 12, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37617 was published for browserify-shim (npm) Oct 12, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom Critical
CVE-2022-37616 was published for @xmldom/xmldom (npm) Oct 11, 2022 withdrawn
secdevlpr26 bchew
tzimmermann mrtc0 karfau
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute Moderate
CVE-2022-21169 was published for express-xss-sanitizer (npm) Sep 27, 2022
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
steal vulnerable to Prototype Pollution via alias variable Critical
CVE-2022-37265 was published for steal (npm) Sep 21, 2022
steal vulnerable to Prototype Pollution Critical
CVE-2022-37258 was published for steal (npm) Sep 17, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js Critical
CVE-2022-37266 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable Critical
CVE-2022-37257 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via optionName variable Critical
CVE-2022-37264 was published for steal (npm) Sep 16, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object Critical
CVE-2022-24304 was published for mongoose (npm) Aug 27, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution Critical
CVE-2022-25907 was published for ts-deepmerge (npm) Aug 10, 2022
automattic/mongoose vulnerable to Prototype pollution via Schema.path High
CVE-2022-2564 was published for mongoose (npm) Jul 29, 2022
vovikhangcdv neeraj-vts
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 Critical
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` Critical
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022
set-deep-prop Prototype Pollution Critical
CVE-2021-23373 was published for set-deep-prop (npm) Jul 26, 2022
@ianwalter/merge Prototype Pollution via `merge` function Moderate
CVE-2021-23397 was published for @ianwalter/merge (npm) Jul 26, 2022
RDIL
Properties-Reader before v2.2.0 vulnerable to prototype pollution Critical
CVE-2020-28471 was published for properties-reader (npm) Jul 19, 2022
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload High
CVE-2020-7641 was published for grunt-util-property (npm) Jul 18, 2022
Prototype Pollution in deep.assign Critical
CVE-2021-40663 was published for deep.assign (npm) Jul 1, 2022
Prototype Pollution in deep-get-set High
CVE-2022-21231 was published for deep-get-set (npm) Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API