GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
steal vulnerable to Prototype Pollution via optionName variable
Critical
CVE-2022-37264
was published
for
steal
(npm)
Sep 16, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object
Critical
CVE-2022-24304
was published
for
mongoose
(npm)
Aug 27, 2022
A vulnerability found in postgresql. On this security issue an attack requires permission to...
High
Unreviewed
CVE-2022-2625
was published
Aug 19, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
Critical
CVE-2022-25907
was published
for
ts-deepmerge
(npm)
Aug 10, 2022
automattic/mongoose vulnerable to Prototype pollution via Schema.path
High
CVE-2022-2564
was published
for
mongoose
(npm)
Jul 29, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Critical
CVE-2020-28441
was published
for
conf-cfg-ini
(npm)
Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Critical
CVE-2020-28461
was published
for
js-ini
(npm)
Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Critical
CVE-2020-28462
was published
for
ion-parser
(npm)
Jul 26, 2022
set-deep-prop Prototype Pollution
Critical
CVE-2021-23373
was published
for
set-deep-prop
(npm)
Jul 26, 2022
@ianwalter/merge Prototype Pollution via `merge` function
Moderate
CVE-2021-23397
was published
for
@ianwalter/merge
(npm)
Jul 26, 2022
Properties-Reader before v2.2.0 vulnerable to prototype pollution
Critical
CVE-2020-28471
was published
for
properties-reader
(npm)
Jul 19, 2022
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload
High
CVE-2020-7641
was published
for
grunt-util-property
(npm)
Jul 18, 2022
Prototype Pollution in deep.assign
Critical
CVE-2021-40663
was published
for
deep.assign
(npm)
Jul 1, 2022
Prototype Pollution in deep-get-set
High
CVE-2022-21231
was published
for
deep-get-set
(npm)
Jun 25, 2022
Prototype Pollution in querymen
Moderate
CVE-2022-25871
was published
for
querymen
(npm)
Jun 18, 2022
Prototype Pollution in protobufjs
High
CVE-2022-25878
was published
for
protobufjs
(npm)
May 28, 2022
mootools-more vulnerable to prototype pollution
High
CVE-2021-20088
was published
for
mootools-more
(npm)
May 24, 2022
deep-defaults vulnerable to prototype pollution
Critical
CVE-2021-25944
was published
for
deep-defaults
(npm)
May 24, 2022
jquery-plugin-query-object contains prototype pollution vulnerability
High
CVE-2021-20083
was published
for
jquery-query-object
(npm)
May 24, 2022
Changeset vulnerable to prototype pollution
Critical
CVE-2021-25915
was published
for
changeset
(npm)
May 24, 2022
dset vulnerable to prototype pollution
Critical
CVE-2020-28277
was published
for
dset
(npm)
May 24, 2022
shvl vulnerable to prototype pollution
Critical
CVE-2020-28278
was published
for
shvl
(npm)
May 24, 2022
flattenizer vulnerable to prototype pollution
Critical
CVE-2020-28279
was published
for
flattenizer
(npm)
May 24, 2022
Prototype pollution vulnerability in 'deep-set'
Critical
CVE-2020-28276
was published
for
deep-set
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API