GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
thlorenz browserify-shim vulnerable to prototype pollution
Critical
CVE-2022-37621
was published
for
browserify-shim
(npm)
Oct 29, 2022
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Critical
CVE-2022-29823
was published
for
feathers-sequelize
(npm)
Oct 26, 2022
Grunt-karma vulnerable to prototype pollution
Critical
CVE-2022-37602
was published
for
grunt-karma
(npm)
Oct 14, 2022
Prototype pollution in webpack loader-utils
Critical
CVE-2022-37601
was published
for
loader-utils
(npm)
Oct 13, 2022
mockery is vulnerable to prototype pollution
Critical
CVE-2022-37614
was published
for
mockery
(npm)
Oct 12, 2022
tschaub gh-pages vulnerable to prototype pollution
Critical
CVE-2022-37611
was published
for
gh-pages
(npm)
Oct 12, 2022
thlorenz browserify-shim vulnerable to prototype pollution
Critical
CVE-2022-37617
was published
for
browserify-shim
(npm)
Oct 12, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
Critical
CVE-2022-37616
was published
for
@xmldom/xmldom
(npm)
Oct 11, 2022
•
withdrawn
steal vulnerable to Prototype Pollution via alias variable
Critical
CVE-2022-37265
was published
for
steal
(npm)
Sep 21, 2022
steal vulnerable to Prototype Pollution
Critical
CVE-2022-37258
was published
for
steal
(npm)
Sep 17, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable
Critical
CVE-2022-37257
was published
for
steal
(npm)
Sep 16, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js
Critical
CVE-2022-37266
was published
for
steal
(npm)
Sep 16, 2022
steal vulnerable to Prototype Pollution via optionName variable
Critical
CVE-2022-37264
was published
for
steal
(npm)
Sep 16, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object
Critical
CVE-2022-24304
was published
for
mongoose
(npm)
Aug 27, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
Critical
CVE-2022-25907
was published
for
ts-deepmerge
(npm)
Aug 10, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Critical
CVE-2020-28441
was published
for
conf-cfg-ini
(npm)
Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Critical
CVE-2020-28461
was published
for
js-ini
(npm)
Jul 26, 2022
set-deep-prop Prototype Pollution
Critical
CVE-2021-23373
was published
for
set-deep-prop
(npm)
Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Critical
CVE-2020-28462
was published
for
ion-parser
(npm)
Jul 26, 2022
Properties-Reader before v2.2.0 vulnerable to prototype pollution
Critical
CVE-2020-28471
was published
for
properties-reader
(npm)
Jul 19, 2022
Prototype Pollution in deep.assign
Critical
CVE-2021-40663
was published
for
deep.assign
(npm)
Jul 1, 2022
deep-defaults vulnerable to prototype pollution
Critical
CVE-2021-25944
was published
for
deep-defaults
(npm)
May 24, 2022
Changeset vulnerable to prototype pollution
Critical
CVE-2021-25915
was published
for
changeset
(npm)
May 24, 2022
dset vulnerable to prototype pollution
Critical
CVE-2020-28277
was published
for
dset
(npm)
May 24, 2022
Prototype pollution vulnerability in 'deep-set'
Critical
CVE-2020-28276
was published
for
deep-set
(npm)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API