GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
373 advisories
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High
CVE-2023-45811
was published
for
deobfuscator
(npm)
Oct 18, 2023
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation
Moderate
CVE-2025-53626
was published
for
@pdfme/common
(npm)
Jul 10, 2025
hoek subject to prototype pollution via the clone function.
High
CVE-2020-36604
was published
for
@hapi/hoek
(npm)
Sep 25, 2022
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Moderate
CVE-2025-48054
was published
for
radashi
(npm)
May 27, 2025
js-object-utilities Vulnerable to Prototype Pollution
High
CVE-2025-28269
was published
for
js-object-utilities
(npm)
Apr 7, 2025
node-opcua-alarm-condition prototype pollution vulnerability
High
CVE-2024-57086
was published
for
node-opcua-alarm-condition
(npm)
Feb 6, 2025
estree-util-value-to-estree allows prototype pollution in generated ESTree
Moderate
CVE-2025-32014
was published
for
estree-util-value-to-estree
(npm)
Apr 7, 2025
Duplicate Advisory: @alizeait/unflatto Prototype Pollution via `exports.unflatto` Method
High
GHSA-799q-f2px-wx8c
was published
for
@alizeait/unflatto
(npm)
Mar 28, 2025
•
withdrawn
Prototype Pollution Vulnerability in parse-git-config
High
CVE-2025-25975
was published
for
parse-git-config
(npm)
Mar 12, 2025
@zag-js/core prototype pollution
High
CVE-2024-57079
was published
for
@zag-js/core
(npm)
Feb 6, 2025
canvg Prototype Pollution vulnerability
High
CVE-2025-25977
was published
for
canvg
(npm)
Mar 10, 2025
Vue I18n Allows Prototype Pollution in `handleFlatJson`
High
CVE-2025-27597
was published
for
@intlify/core
(npm)
Mar 7, 2025
ProTip!
Advisories are also available from the
GraphQL API