Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

174 advisories

Loading
convict vulnerable to Prototype Pollution High
CVE-2023-0163 was published for convict (npm) Jan 10, 2023
Captain-K-101
@backstage/plugin-catalog-backend Prototype Pollution vulnerability High
CVE-2024-45815 was published for @backstage/plugin-catalog-backend (npm) Sep 17, 2024
node-gettext vulnerable to Prototype Pollution High
CVE-2024-21528 was published for node-gettext (npm) Sep 10, 2024
njwt Prototype Pollution vulnerability High
CVE-2024-34273 was published for njwt (npm) May 16, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify High
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
aloisklink sidharthv96
ashishjain0512 mlevy-parasoft byt3n33dl3
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings High
GHSA-78p3-fwcq-62c2 was published for @saltcorn/server (npm) Oct 3, 2024
dellalibera
uPlot Prototype Pollution vulnerability High
CVE-2024-21489 was published for uplot (npm) Oct 1, 2024
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm cure53
dset Prototype Pollution vulnerability High
CVE-2024-21529 was published for dset (npm) Sep 11, 2024
Prototype pollution in ag-grid-community via the _.mergeDeep function High
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
kiril-matev
Remote Code Execution via Script (Python) objects under Python 3 High
CVE-2021-32811 was published for Zope (pip) Aug 5, 2021
MiguelCastillo @bit/loader Prototype Pollution issue High
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
robinweser fast-loops vulnerable to prototype pollution High
CVE-2024-39008 was published for fast-loops (npm) Jul 1, 2024
@75lb/deep-merge Prototype Pollution vulnerability High
CVE-2024-38986 was published for @75lb/deep-merge (npm) Jul 30, 2024
thewilkybarkid
jrburke requirejs vulnerable to prototype pollution High
CVE-2024-38999 was published for requirejs (npm) Jul 1, 2024
BlazingWizard
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN... High Unreviewed
CVE-2024-33519 was published Jul 24, 2024
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could... High Unreviewed
CVE-2024-22443 was published Jul 24, 2024
Object Resolver Prototype Pollution High
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
@amoy/common v was discovered to contain a prototype pollution via the function extend High
CVE-2024-38994 was published for @amoy/common (npm) Jul 1, 2024
frappejs was discovered to contain a prototype pollution via the function registerView High
CVE-2024-38992 was published for @airvertco/frappejs (npm) Jul 1, 2024
akbr patch-into was discovered to contain a prototype pollution via the function patchInto High
CVE-2024-38991 was published for @akbr/patch-into (npm) Jul 1, 2024
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function... High Unreviewed
CVE-2024-39003 was published Jul 1, 2024
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config.... High Unreviewed
CVE-2024-38998 was published Jul 1, 2024
che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function... High Unreviewed
CVE-2024-39016 was published Jul 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database