Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

151 advisories

Loading
Sandbox bypass in vm2 Critical
CVE-2021-23555 was published for vm2 (npm) Feb 12, 2022
Prototype Pollution in realms-shim Critical
CVE-2021-23594 was published for realms-shim (npm) Jan 12, 2022
Prototype Pollution in realms-shim Critical
CVE-2021-23543 was published for realms-shim (npm) Jan 13, 2022
Prototype Pollution in js-data Critical
CVE-2021-23574 was published for js-data (npm) Jan 6, 2022
safe-eval vulnerable to Prototype Pollution Critical
CVE-2022-25904 was published for safe-eval (npm) Dec 20, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom Critical
CVE-2022-37616 was published for @xmldom/xmldom (npm) Oct 11, 2022 withdrawn
secdevlpr26 bchew
tzimmermann mrtc0 karfau
Prototype Pollution in convict Critical
CVE-2022-21190 was published for convict (npm) May 14, 2022
Prototype pollution in object-hierarchy-access Critical
CVE-2020-28270 was published for object-hierarchy-access (npm) Oct 12, 2021
Prototype Pollution in vm2 Critical
CVE-2021-23449 was published for vm2 (npm) Oct 19, 2021
Prototype pollution in aurelia-path Critical
CVE-2021-41097 was published for aurelia-path (npm) Sep 27, 2021
msrkp
Prototype pollution vulnerability in 'patchmerge' Critical
CVE-2021-25916 was published for patchmerge (npm) Oct 13, 2021
Prototype Pollution in mixme Critical
CVE-2021-28860 was published for mixme (npm) Feb 10, 2022
Prototype Pollution in putil-merge Critical
CVE-2021-25953 was published for putil-merge (npm) Dec 10, 2021
Prototype pollution in safe-obj Critical
CVE-2021-25928 was published for safe-obj (npm) Jun 21, 2021
Prototype pollution in nconf-toml Critical
CVE-2021-25946 was published for nconf-toml (npm) Jun 7, 2021
Prototype Pollution in deep-override Critical
CVE-2021-25941 was published for deep-override (npm) May 17, 2021
Prototype pollution in safe-flat Critical
CVE-2021-25927 was published for safe-flat (npm) Jun 21, 2021
Prototype Pollution in safe-object2 Critical
CVE-2020-7726 was published for safe-object2 (npm) May 6, 2021
Prototype Pollution in nodee-utils Critical
CVE-2020-7722 was published for nodee-utils (npm) May 6, 2021
Prototype pollution in 101 Critical
CVE-2021-25943 was published for 101 (npm) May 17, 2021
Prototype Pollution in swiper Critical
CVE-2021-23370 was published for swiper (npm) May 10, 2021
Prototype Pollution in deeps Critical
CVE-2020-7716 was published for deeps (npm) May 6, 2021
Prototype Pollution in confucious Critical
CVE-2020-7714 was published for confucious (npm) May 6, 2021
Prototype Pollution in worksmith Critical
CVE-2020-7725 was published for worksmith (npm) May 6, 2021
Prototype Pollution in gedi Critical
CVE-2020-7727 was published for gedi (npm) May 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database