GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,015
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
408 advisories
Filter by severity
matrix-js-sdk Prototype Pollution vulnerability
High
CVE-2022-36059
was published
for
matrix-js-sdk
(npm)
Mar 28, 2023
Collection.js vulnerable to Prototype Pollution
High
CVE-2023-26113
was published
for
collection.js
(npm)
Mar 18, 2023
dot-lens vulnerable to Prototype Pollution
High
CVE-2023-26106
was published
for
dot-lens
(npm)
Mar 6, 2023
mde utilities contains Prototype Pollution
High
CVE-2023-26105
was published
for
utilities
(npm)
Feb 28, 2023
rangy vulnerable to Prototype Pollution
High
CVE-2023-26102
was published
for
rangy
(npm)
Feb 24, 2023
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an...
High
Unreviewed
CVE-2023-23917
was published
Feb 23, 2023
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
Moderate
Unreviewed
CVE-2022-3901
was published
Feb 20, 2023
convict vulnerable to Prototype Pollution
High
CVE-2023-0163
was published
for
convict
(npm)
Jan 10, 2023
Baobab vulnerable to Prototype Pollution
Critical
CVE-2021-4307
was published
for
baobab
(npm)
Jan 7, 2023
Prototype Pollution in JSON5 via Parse Method
High
CVE-2022-46175
was published
for
json5
(npm)
Dec 29, 2022
json-pointer vulnerable to Prototype Pollution
Critical
CVE-2022-4742
was published
for
json-pointer
(npm)
Dec 26, 2022
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
High
CVE-2021-4279
was published
for
fast-json-patch
(npm)
Dec 25, 2022
flat vulnerable to Prototype Pollution
Critical
CVE-2020-36632
was published
for
flat
(npm)
Dec 25, 2022
tree-kit vulnerable to Prototype Pollution
High
CVE-2021-4278
was published
for
tree-kit
(npm)
Dec 25, 2022
An attacker could have sent a message to the parent process where the contents were used to...
High
Unreviewed
CVE-2022-1529
was published
Dec 22, 2022
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype...
High
Unreviewed
CVE-2022-1802
was published
Dec 22, 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired...
High
Unreviewed
CVE-2022-2200
was published
Dec 22, 2022
dustjs-linkedin vulnerable to Prototype Pollution
High
CVE-2021-4264
was published
for
dustjs-linkedin
(npm)
Dec 21, 2022
safe-eval vulnerable to Prototype Pollution
Critical
CVE-2022-25904
was published
for
safe-eval
(npm)
Dec 20, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Critical
CVE-2020-36618
was published
for
whois
(npm)
Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution
Critical
CVE-2021-4245
was published
for
rfc6902
(npm)
Dec 15, 2022
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
High
CVE-2022-41879
was published
for
parse-server
(npm)
Nov 10, 2022
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
High
CVE-2022-41878
was published
for
parse-server
(npm)
Nov 9, 2022
Remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2022-39396
was published
for
parse-server
(npm)
Nov 8, 2022
ProTip!
Advisories are also available from the
GraphQL API