GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
365 advisories
Filter by severity
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
Prototype pollution in jsii.configureCategories
Low
GHSA-m56h-5xx3-2jc2
was published
for
jsii
(npm)
Dec 18, 2024
Prototype Pollution in the merge and clone helper methods
Moderate
CVE-2021-39227
was published
for
zrender
(npm)
Sep 20, 2021
@intlify/shared Prototype Pollution vulnerability
Moderate
CVE-2024-52810
was published
for
@intlify/shared
(npm)
Dec 2, 2024
convict vulnerable to Prototype Pollution
High
CVE-2023-0163
was published
for
convict
(npm)
Jan 10, 2023
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
High
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
node-gettext vulnerable to Prototype Pollution
High
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
njwt Prototype Pollution vulnerability
High
CVE-2024-34273
was published
for
njwt
(npm)
May 16, 2024
Prototype pollution not blocked by object-path related utilities in hoolock
Moderate
CVE-2024-23339
was published
for
hoolock
(npm)
Jan 23, 2024
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
DOMPurify vulnerable to tampering by prototype polution
Critical
CVE-2024-48910
was published
for
dompurify
(npm)
Oct 31, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
High
GHSA-m4gq-x24j-jpmf
was published
for
mermaid
(npm)
Oct 22, 2024
SAP HANA Node.js client package vulnerable to Prototype Pollution
Moderate
CVE-2024-45277
was published
for
@sap/hana-client
(npm)
Oct 8, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
uPlot Prototype Pollution vulnerability
High
CVE-2024-21489
was published
for
uplot
(npm)
Oct 1, 2024
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
dset Prototype Pollution vulnerability
High
CVE-2024-21529
was published
for
dset
(npm)
Sep 11, 2024
Prototype pollution in ag-grid-community via the _.mergeDeep function
High
CVE-2024-38996
was published
for
ag-grid-community
(npm)
Jul 1, 2024
Remote Code Execution via Script (Python) objects under Python 3
High
CVE-2021-32811
was published
for
Zope
(pip)
Aug 5, 2021
Remote Code Execution via unsafe classes in otherwise permitted modules
Moderate
CVE-2021-32807
was published
for
AccessControl
(pip)
Aug 5, 2021
ag-grid packages vulnerable to Prototype Pollution
Moderate
CVE-2024-39001
was published
for
@ag-grid-enterprise/charts
(npm)
Jul 1, 2024
mysql2 vulnerable to Prototype Poisoning
Moderate
CVE-2024-21509
was published
for
mysql2
(npm)
Apr 10, 2024
MiguelCastillo @bit/loader Prototype Pollution issue
High
CVE-2024-24293
was published
for
@bit/loader
(npm)
May 20, 2024
Prototype pollution in izatop bunt
Critical
CVE-2024-38989
was published
for
@bunt/app
(npm)
Aug 12, 2024
robinweser fast-loops vulnerable to prototype pollution
High
CVE-2024-39008
was published
for
fast-loops
(npm)
Jul 1, 2024
ProTip!
Advisories are also available from the
GraphQL API