GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
151 advisories
Filter by severity
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in...
Critical
Unreviewed
CVE-2022-37609
was published
Oct 12, 2022
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This...
Critical
Unreviewed
CVE-2020-12079
was published
May 24, 2022
Prototype Pollution in property-expr
Critical
CVE-2020-7707
was published
for
property-expr
(npm)
May 6, 2021
Autobinding vulnerability in MITREid Connect
Critical
CVE-2021-27582
was published
for
org.mitre:openid-connect-parent
(Maven)
May 13, 2021
Prototype Pollution in express-fileupload
Critical
CVE-2020-7699
was published
for
express-fileupload
(npm)
Aug 5, 2020
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Critical
CVE-2019-0230
was published
for
org.apache.struts:struts2-core
(Maven)
Dec 2, 2021
Prototype Pollution in madlib-object-utils
Critical
CVE-2020-7701
was published
for
madlib-object-utils
(npm)
May 6, 2021
Prototype Pollution in nis-utils
Critical
CVE-2020-7703
was published
for
nis-utils
(npm)
May 6, 2021
Prototype Pollution in connie-lang
Critical
CVE-2020-7706
was published
for
connie-lang
(npm)
May 6, 2021
Prototype Pollution in arr-flatten-unflatten
Critical
CVE-2020-7713
was published
for
arr-flatten-unflatten
(npm)
May 6, 2021
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
Critical
CVE-2022-25907
was published
for
ts-deepmerge
(npm)
Aug 10, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Critical
CVE-2020-28461
was published
for
js-ini
(npm)
Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Critical
CVE-2020-28462
was published
for
ion-parser
(npm)
Jul 26, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Critical
CVE-2020-28441
was published
for
conf-cfg-ini
(npm)
Jul 26, 2022
set-deep-prop Prototype Pollution
Critical
CVE-2021-23373
was published
for
set-deep-prop
(npm)
Jul 26, 2022
Prototype Pollution in libnested
Critical
CVE-2022-25352
was published
for
libnested
(npm)
Mar 18, 2022
Prototype polluation in just-safe-set
Critical
CVE-2021-25952
was published
for
just-safe-set
(npm)
Dec 10, 2021
Prototype pollution vulnerability in js-extend
Critical
CVE-2021-25945
was published
for
js-extend
(npm)
Jun 8, 2021
Prototype Pollution in algoliasearch-helper
Critical
CVE-2021-23433
was published
for
algoliasearch-helper
(npm)
Nov 23, 2021
Command injection in Parse Server through prototype pollution
Critical
CVE-2022-24760
was published
for
parse-server
(npm)
Mar 11, 2022
ProTip!
Advisories are also available from the
GraphQL API