GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
81 advisories
Filter by severity
Sandbox Breakout / Prototype Pollution in notevil
Moderate
GHSA-9gxr-rhx6-4jgv
was published
for
notevil
(npm)
Sep 4, 2020
Prototype Pollution in smart-extend
Moderate
GHSA-f8h3-rqrm-47v9
was published
for
smart-extend
(npm)
Sep 2, 2020
Prototype Pollution in mergify
Moderate
GHSA-3f95-w5h5-fq86
was published
for
mergify
(npm)
Sep 11, 2020
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote...
Moderate
Unreviewed
CVE-2021-43956
was published
Mar 17, 2022
yargs-parser Vulnerable to Prototype Pollution
Moderate
CVE-2020-7608
was published
for
yargs-parser
(npm)
Sep 4, 2020
Sandbox escape in notevil and argencoders-notevil
Moderate
CVE-2021-23771
was published
for
argencoders-notevil
(npm)
Mar 18, 2022
Prototype Pollution in json-pointer
Moderate
CVE-2021-23820
was published
for
json-pointer
(npm)
Nov 8, 2021
Prototype Pollution in querymen
Moderate
CVE-2022-25871
was published
for
querymen
(npm)
Jun 18, 2022
Prototype pollution in json-pointer
Moderate
CVE-2020-7709
was published
for
json-pointer
(npm)
May 10, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util
Moderate
CVE-2019-10806
was published
for
vega-util
(npm)
May 7, 2021
Prototype Pollution in open-graph
Moderate
CVE-2021-23419
was published
for
open-graph
(npm)
Sep 1, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
Moderate
CVE-2020-7600
was published
for
querymen
(npm)
May 7, 2021
confinit vulnerable to prototype pollution
Moderate
CVE-2020-7638
was published
for
confinit
(npm)
Apr 7, 2020
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware
Moderate
CVE-2020-7616
was published
for
express-mock-middleware
(npm)
Dec 9, 2021
Prototype pollution in multi-ini
Moderate
CVE-2020-28460
was published
for
multi-ini
(npm)
Apr 13, 2021
Prototype pollution in class-transformer
Moderate
CVE-2020-7637
was published
for
class-transformer
(npm)
Apr 7, 2020
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard...
Moderate
Unreviewed
CVE-2019-17317
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration...
Moderate
Unreviewed
CVE-2019-17315
was published
May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a...
Moderate
Unreviewed
CVE-2019-17316
was published
May 24, 2022
deep-object-diff vulnerable to Prototype Pollution
Moderate
CVE-2022-41713
was published
for
deep-object-diff
(npm)
Nov 4, 2022
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
Moderate
CVE-2022-21169
was published
for
express-xss-sanitizer
(npm)
Sep 27, 2022
deep-parse-json vulnerable to Prototype Pollution
Moderate
CVE-2022-42743
was published
for
deep-parse-json
(npm)
Nov 4, 2022
fastest-json-copy vulnerable to Prototype Pollution
Moderate
CVE-2022-41714
was published
for
fastest-json-copy
(npm)
Nov 4, 2022
ProTip!
Advisories are also available from the
GraphQL API