Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
Prototype Pollution Critical
CVE-2021-25948 was published for expand-hash (npm) Jun 21, 2021
Prototype Pollution in algoliasearch-helper Critical
CVE-2021-23433 was published for algoliasearch-helper (npm) Nov 23, 2021
Prototype pollution vulnerability in js-extend Critical
CVE-2021-25945 was published for js-extend (npm) Jun 8, 2021
Prototype polluation in just-safe-set Critical
CVE-2021-25952 was published for just-safe-set (npm) Dec 10, 2021
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
Prototype Pollution in connie-lang Critical
CVE-2020-7706 was published for connie-lang (npm) May 6, 2021
Prototype Pollution in madlib-object-utils Critical
CVE-2020-7701 was published for madlib-object-utils (npm) May 6, 2021
Prototype Pollution in nis-utils Critical
CVE-2020-7703 was published for nis-utils (npm) May 6, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts Critical
CVE-2019-0230 was published for org.apache.struts:struts2-core (Maven) Dec 2, 2021
Prototype Pollution in express-fileupload Critical
CVE-2020-7699 was published for express-fileupload (npm) Aug 5, 2020
Prototype Pollution in property-expr Critical
CVE-2020-7707 was published for property-expr (npm) May 6, 2021
Prototype Pollution in templ8 Critical
CVE-2020-7702 was published for templ8 (npm) May 6, 2021
Autobinding vulnerability in MITREid Connect Critical
CVE-2021-27582 was published for org.mitre:openid-connect-parent (Maven) May 13, 2021
merge vulnerable to Prototype Pollution Critical
CVE-2021-3645 was published for @viking04/merge (npm) Sep 13, 2021
Prototype Pollution in ini-parser Critical
CVE-2020-7617 was published for ini-parser (npm) Jun 10, 2020
Prototype pollution in aurelia-path Critical
CVE-2021-41097 was published for aurelia-path (npm) Sep 27, 2021
msrkp
Prototype Pollution in merge-change Critical
CVE-2021-23421 was published for merge-change (npm) Sep 1, 2021
Prototype pollution in object-hierarchy-access Critical
CVE-2020-28270 was published for object-hierarchy-access (npm) Oct 12, 2021
Prototype Pollution in vm2 Critical
CVE-2021-23449 was published for vm2 (npm) Oct 19, 2021
objection.js Prototype Pollution vulnerability Critical
CVE-2021-3766 was published for objection (npm) Sep 7, 2021
Prototype Pollution in irrelon-path and @irrelon/path Critical
CVE-2020-7708 was published for @irrelon/path (npm) May 6, 2021
Prototype Pollution in deephas Critical
CVE-2020-28271 was published for deephas (npm) Sep 24, 2021
Prototype Pollution in field Critical
CVE-2020-28269 was published for field (npm) Dec 10, 2021
Deserialization of untrusted data in FasterXML jackson-databind Critical
CVE-2019-14379 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
set-getter Prototype Pollution Vulnerability Critical
CVE-2021-25949 was published for set-getter (npm) Jun 21, 2021
ProTip! Advisories are also available from the GraphQL API