Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,038
Swift
45
Unreviewed advisories
All unreviewed
5,000+

483 advisories

Loading
docarray prototype pollution Moderate
CVE-2025-5150 was published for docarray (pip) May 25, 2025
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Moderate
CVE-2025-48054 was published for radashi (npm) May 27, 2025
arkark aleclarson
Credited to arkark and aleclarson
billboard.js allows prototype pollution via the function generate Critical
CVE-2025-49223 was published for billboard.js (npm) Jun 4, 2025
saip-loginsoft
Credited to saip-loginsoft
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation Moderate
CVE-2025-53626 was published for @pdfme/common (npm) Jul 10, 2025
arkark
Credited to arkark
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS) High
CVE-2025-8101 was published for linkifyjs (npm) Jul 26, 2025
saip007
Credited to saip007
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE High
CVE-2025-34146 was published for @nyariv/sandboxjs (npm) Jul 31, 2025
JLLeitschuh
Credited to JLLeitschuh
js-toml Prototype Pollution Vulnerability High
CVE-2025-54803 was published for js-toml (npm) Aug 4, 2025
siunam321
Credited to siunam321
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE High
CVE-2025-55164 was published for content-security-policy-parser (npm) Aug 12, 2025
pnappa EvanHahn
Credited to pnappa and EvanHahn
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its... Critical Unreviewed
CVE-2011-10019 was published Aug 13, 2025
devalue prototype pollution vulnerability High
CVE-2025-57820 was published for devalue (npm) Aug 26, 2025
apyatko Rich-Harris
dominikg
Credited to apyatko, Rich-Harris, and dominikg
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful... High Unreviewed
CVE-2025-58280 was published Sep 5, 2025
messageformat prototype pollution vulnerability High
CVE-2025-57353 was published for @messageformat/runtime (npm) Sep 24, 2025
min-document vulnerable to prototype pollution Low
CVE-2025-57352 was published for min-document (npm) Sep 24, 2025
CSVTOJSON has a prototype pollution vulnerability Moderate
CVE-2025-57350 was published for csvtojson (npm) Sep 24, 2025
counterpart vulnerable to prototype pollution Moderate
CVE-2025-57354 was published for counterpart (npm) Sep 24, 2025
fast-redact vulnerable to prototype pollution Low
CVE-2025-57319 was published for fast-redact (npm) Sep 24, 2025
ts-fns has prototype pollution vulnerability Moderate
CVE-2025-57351 was published for ts-fns (npm) Sep 24, 2025
web3-core-subscriptions has a Prototype Pollution vulnerability Low
CVE-2025-57330 was published for web3-core-subscriptions (npm) Sep 24, 2025
rollbar vulnerable to prototype pollution Low
CVE-2025-57325 was published for rollbar (npm) Sep 24, 2025
anshulsahni
Credited to anshulsahni
web3-core-method is vulnerable to prototype pollution Low
CVE-2025-57329 was published for web3-core-method (npm) Sep 24, 2025
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within... Critical Unreviewed
CVE-2025-57347 was published Sep 24, 2025
parse is vulnerable to prototype pollution Moderate
CVE-2025-57324 was published for parse (npm) Sep 24, 2025
spmrc vulnerable to prototype pollution Low
CVE-2025-57327 was published for spmrc (npm) Sep 24, 2025
csvjson vulnerable to prototype injection High
CVE-2025-57318 was published for csvjson (npm) Sep 24, 2025
toggle-array vulnerable to prototype pollution Low
CVE-2025-57328 was published for toggle-array (npm) Sep 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database