Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

151 advisories

Loading
Prototype Pollution in tiny-conf Critical
CVE-2020-7724 was published for tiny-conf (npm) May 10, 2021
Prototype pollution in json8 Critical
CVE-2020-7770 was published for json8 (npm) May 10, 2021
Prototype Pollution in node-oojs Critical
CVE-2020-7721 was published for node-oojs (npm) May 6, 2021
Prototype Pollution in promisehelpers Critical
CVE-2020-7723 was published for promisehelpers (npm) May 6, 2021
Prototype Pollution in phpjs Critical
CVE-2020-7700 was published for phpjs (npm) May 6, 2021
Prototype Pollution in dot-notes Critical
CVE-2020-7717 was published for dot-notes (npm) May 6, 2021
Prototype Pollution in set-or-get Critical
CVE-2021-25913 was published for set-or-get (npm) Apr 12, 2021
Prototype Pollution in doc-path Critical
CVE-2020-7772 was published for doc-path (npm) May 10, 2021
Prototype pollution in set-object-value Critical
CVE-2020-28281 was published for set-object-value (npm) Apr 13, 2021
Prototype Pollution in multi-ini Critical
CVE-2020-28448 was published for multi-ini (npm) Apr 13, 2021
Prototype Pollution Vulnerability in object-collider Critical
CVE-2021-25914 was published for object-collider (npm) Mar 19, 2021
Prototype pollution in set-in Critical
CVE-2020-28273 was published for set-in (npm) Mar 19, 2021
steal vulnerable to Prototype Pollution via alias variable Critical
CVE-2022-37265 was published for steal (npm) Sep 21, 2022
steal vulnerable to Prototype Pollution Critical
CVE-2022-37258 was published for steal (npm) Sep 17, 2022
linux-cmdline is vulnerable to Prototype Pollution via the constructor Critical
CVE-2020-7704 was published for linux-cmdline (npm) May 24, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js Critical
CVE-2022-37266 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable Critical
CVE-2022-37257 was published for steal (npm) Sep 16, 2022
TypeORM vulnerable to MAID and Prototype Pollution Critical
CVE-2020-8158 was published for typeorm (npm) May 7, 2021
steal vulnerable to Prototype Pollution via optionName variable Critical
CVE-2022-37264 was published for steal (npm) Sep 16, 2022
Properties-Reader before v2.2.0 vulnerable to prototype pollution Critical
CVE-2020-28471 was published for properties-reader (npm) Jul 19, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
Prototype Pollution in deep.assign Critical
CVE-2021-40663 was published for deep.assign (npm) Jul 1, 2022
merge vulnerable to Prototype Pollution Critical
CVE-2021-3645 was published for @viking04/merge (npm) Sep 13, 2021
flat vulnerable to Prototype Pollution Critical
CVE-2020-36632 was published for flat (npm) Dec 25, 2022
ProTip! Advisories are also available from the GraphQL API