Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

68 advisories

Loading
Sandbox Breakout / Prototype Pollution in notevil Moderate
GHSA-9gxr-rhx6-4jgv was published for notevil (npm) Sep 4, 2020
Prototype Pollution in smart-extend Moderate
GHSA-f8h3-rqrm-47v9 was published for smart-extend (npm) Sep 2, 2020
Prototype Pollution in mergify Moderate
GHSA-3f95-w5h5-fq86 was published for mergify (npm) Sep 11, 2020
yargs-parser Vulnerable to Prototype Pollution Moderate
CVE-2020-7608 was published for yargs-parser (npm) Sep 4, 2020
Prototype Pollution in bodymen Moderate
CVE-2022-25296 was published for bodymen (npm) Mar 18, 2022
Sandbox escape in notevil and argencoders-notevil Moderate
CVE-2021-23771 was published for argencoders-notevil (npm) Mar 18, 2022
Prototype Pollution in json-pointer Moderate
CVE-2021-23820 was published for json-pointer (npm) Nov 8, 2021
G-Rath
Prototype Pollution in querymen Moderate
CVE-2022-25871 was published for querymen (npm) Jun 18, 2022
Prototype pollution in json-pointer Moderate
CVE-2020-7709 was published for json-pointer (npm) May 10, 2021
Prototype Pollution in open-graph Moderate
CVE-2021-23419 was published for open-graph (npm) Sep 1, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util Moderate
CVE-2019-10806 was published for vega-util (npm) May 7, 2021
Prototype Pollution in sds Moderate
CVE-2020-7618 was published for sds (npm) Sep 3, 2020
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware Moderate
CVE-2020-7616 was published for express-mock-middleware (npm) Dec 9, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen Moderate
CVE-2020-7600 was published for querymen (npm) May 7, 2021
confinit vulnerable to prototype pollution Moderate
CVE-2020-7638 was published for confinit (npm) Apr 7, 2020
Prototype pollution in multi-ini Moderate
CVE-2020-28460 was published for multi-ini (npm) Apr 13, 2021
Prototype pollution in class-transformer Moderate
CVE-2020-7637 was published for class-transformer (npm) Apr 7, 2020
deep-object-diff vulnerable to Prototype Pollution Moderate
CVE-2022-41713 was published for deep-object-diff (npm) Nov 4, 2022
diracdeltas ThisIsMissEm
odmana anogr
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute Moderate
CVE-2022-21169 was published for express-xss-sanitizer (npm) Sep 27, 2022
deep-parse-json vulnerable to Prototype Pollution Moderate
CVE-2022-42743 was published for deep-parse-json (npm) Nov 4, 2022
fastest-json-copy vulnerable to Prototype Pollution Moderate
CVE-2022-41714 was published for fastest-json-copy (npm) Nov 4, 2022
Prototype poisoning Moderate
CVE-2021-21368 was published for msgpack5 (npm) Mar 12, 2021
ninevra
Prototype Pollution in the merge and clone helper methods Moderate
CVE-2021-39227 was published for zrender (npm) Sep 20, 2021
Asjidkalam huntr-helper
@ianwalter/merge Prototype Pollution via `merge` function Moderate
CVE-2021-23397 was published for @ianwalter/merge (npm) Jul 26, 2022
RDIL
Prototype Pollution in dset Moderate
CVE-2022-25645 was published for dset (Maven) May 3, 2022
ProTip! Advisories are also available from the GraphQL API