Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify High
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
aloisklink sidharthv96
ashishjain0512 mlevy-parasoft byt3n33dl3
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings High
GHSA-78p3-fwcq-62c2 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
uPlot Prototype Pollution vulnerability High
CVE-2024-21489 was published for uplot (npm) Oct 1, 2024
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm cure53
dset Prototype Pollution vulnerability High
CVE-2024-21529 was published for dset (npm) Sep 11, 2024
Prototype pollution in ag-grid-community via the _.mergeDeep function High
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
kiril-matev
MiguelCastillo @bit/loader Prototype Pollution issue High
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
robinweser fast-loops vulnerable to prototype pollution High
CVE-2024-39008 was published for fast-loops (npm) Jul 1, 2024
@75lb/deep-merge Prototype Pollution vulnerability High
CVE-2024-38986 was published for @75lb/deep-merge (npm) Jul 30, 2024
thewilkybarkid
jrburke requirejs vulnerable to prototype pollution High
CVE-2024-38999 was published for requirejs (npm) Jul 1, 2024
BlazingWizard
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
Object Resolver Prototype Pollution High
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
@amoy/common v was discovered to contain a prototype pollution via the function extend High
CVE-2024-38994 was published for @amoy/common (npm) Jul 1, 2024
frappejs was discovered to contain a prototype pollution via the function registerView High
CVE-2024-38992 was published for @airvertco/frappejs (npm) Jul 1, 2024
akbr patch-into was discovered to contain a prototype pollution via the function patchInto High
CVE-2024-38991 was published for @akbr/patch-into (npm) Jul 1, 2024
Prototype Pollution in async High
CVE-2021-43138 was published for async (npm) Apr 7, 2022
dargmuesli FrederikBolding
jomi-se azaleski morenol MaxLian11
datatables.net vulnerable to Prototype Pollution due to incomplete fix High
CVE-2020-28458 was published for datatables.net (npm) Dec 17, 2020
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function High
CVE-2024-32866 was published for @conform-to/dom (npm) Apr 23, 2024
key-moon vtsvetkov-splunk
mysql2 vulnerable to Prototype Pollution High
CVE-2024-21512 was published for mysql2 (npm) May 30, 2024
json-schema-ref-parser Prototype Pollution issue High
CVE-2024-29651 was published for @apidevtools/json-schema-ref-parser (npm) May 20, 2024
Prototype Pollution in immer High
CVE-2021-3757 was published for immer (npm) Sep 7, 2021
levpachmanov
mootools-more vulnerable to prototype pollution High
CVE-2021-20088 was published for mootools-more (npm) May 24, 2022
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability High
CVE-2024-30564 was published for @andrei-tatar/nora-firebase-common (npm) Apr 18, 2024
web3-utils Prototype Pollution vulnerability High
CVE-2024-21505 was published for web3-utils (npm) Mar 27, 2024
Duplicate Advisory: web3-utils Prototype Pollution vulnerability High
GHSA-87qp-7cw8-8q9c was published for web3-utils (npm) Mar 25, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database