GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
151 advisories

Prototype Pollution in litespeed.js and appwrite/server-ce
Critical. CVE-2021-23682 was published for appwrite/server-ce (Composer) on Feb 17, 2022

Prototype Pollution in object-extend
Critical. CVE-2021-23702 was published for object-extend (npm) on Feb 19, 2022

Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Critical. CVE-2022-29823 was published for feathers-sequelize (npm) on Oct 26, 2022

safe-eval vulnerable to Prototype Pollution via the safeEval function
Critical. CVE-2023-26121 was published for safe-eval (npm) on Apr 11, 2023

safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Critical. CVE-2023-26122 was published for safe-eval (npm) on Apr 11, 2023

mockery is vulnerable to prototype pollution
Critical. CVE-2022-37614 was published for mockery (npm) on Oct 12, 2022

Remote code execution via MongoDB BSON parser through prototype pollution
Critical. CVE-2022-39396 was published for parse-server (npm) on Nov 8, 2022

Prototype Pollution in gammautils
Critical. CVE-2020-7718 was published for gammautils (npm) on May 6, 2021

Prototype Pollution in just-extend
Critical. CVE-2018-16489 was published for just-extend (npm) on Feb 7, 2019

objection.js Prototype Pollution vulnerability
Critical. CVE-2021-3766 was published for objection (npm) on Sep 7, 2021

Prototype pollution in getobject
Critical. CVE-2020-28282 was published for getobject (npm) on Oct 12, 2021

Prototype Pollution in irrelon-path and @irrelon/path
Critical. CVE-2020-7708 was published for @irrelon/path (npm) on May 6, 2021

Deserialization of untrusted data in FasterXML jackson-databind
Critical. CVE-2019-14379 was published for com.fasterxml.jackson.core:jackson-databind (Maven) on Aug 1, 2019

set-getter Prototype Pollution Vulnerability
Critical. CVE-2021-25949 was published for set-getter (npm) on Jun 21, 2021

Prototype pollution in webpack loader-utils
Critical. CVE-2022-37601 was published for loader-utils (npm) on Oct 13, 2022

Prototype Pollution in ali-security/mongoose
Critical. GHSA-rc4v-99cr-pjcm was published for @seal-security/mongoose-fixed (npm) on Oct 17, 2023

keyget vulnerable to prototype pollution
Critical. CVE-2020-28272 was published for keyget (npm) on May 24, 2022

Changeset vulnerable to prototype pollution
Critical. CVE-2021-25915 was published for changeset (npm) on May 24, 2022

Grunt-karma vulnerable to prototype pollution
Critical. CVE-2022-37602 was published for grunt-karma (npm) on Oct 14, 2022

Baobab vulnerable to Prototype Pollution
Critical. CVE-2021-4307 was published for baobab (npm) on Jan 7, 2023

ProTip! Advisories are also available from the GraphQL API.