GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Prototype Pollution in algoliasearch-helper
Critical
CVE-2021-23433
was published
for
algoliasearch-helper
(npm)
Nov 23, 2021
Prototype pollution vulnerability in js-extend
Critical
CVE-2021-25945
was published
for
js-extend
(npm)
Jun 8, 2021
Prototype polluation in just-safe-set
Critical
CVE-2021-25952
was published
for
just-safe-set
(npm)
Dec 10, 2021
Prototype Pollution in connie-lang
Critical
CVE-2020-7706
was published
for
connie-lang
(npm)
May 6, 2021
Prototype Pollution in madlib-object-utils
Critical
CVE-2020-7701
was published
for
madlib-object-utils
(npm)
May 6, 2021
Prototype Pollution in nis-utils
Critical
CVE-2020-7703
was published
for
nis-utils
(npm)
May 6, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Critical
CVE-2019-0230
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 2, 2021
Prototype Pollution in express-fileupload
Critical
CVE-2020-7699
was published
for
express-fileupload
(npm)
Aug 5, 2020
Prototype Pollution in property-expr
Critical
CVE-2020-7707
was published
for
property-expr
(npm)
May 6, 2021
Autobinding vulnerability in MITREid Connect
Critical
CVE-2021-27582
was published
for
org.mitre:openid-connect-parent
(Maven)
May 13, 2021
merge vulnerable to Prototype Pollution
Critical
CVE-2021-3645
was published
for
@viking04/merge
(npm)
Sep 13, 2021
Prototype Pollution in ini-parser
Critical
CVE-2020-7617
was published
for
ini-parser
(npm)
Jun 10, 2020
Prototype pollution in aurelia-path
Critical
CVE-2021-41097
was published
for
aurelia-path
(npm)
Sep 27, 2021
Prototype Pollution in merge-change
Critical
CVE-2021-23421
was published
for
merge-change
(npm)
Sep 1, 2021
Prototype pollution in object-hierarchy-access
Critical
CVE-2020-28270
was published
for
object-hierarchy-access
(npm)
Oct 12, 2021
objection.js Prototype Pollution vulnerability
Critical
CVE-2021-3766
was published
for
objection
(npm)
Sep 7, 2021
Prototype Pollution in irrelon-path and @irrelon/path
Critical
CVE-2020-7708
was published
for
@irrelon/path
(npm)
May 6, 2021
Deserialization of untrusted data in FasterXML jackson-databind
Critical
CVE-2019-14379
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Aug 1, 2019
set-getter Prototype Pollution Vulnerability
Critical
CVE-2021-25949
was published
for
set-getter
(npm)
Jun 21, 2021
ProTip!
Advisories are also available from the
GraphQL API