Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

488 advisories

Loading
web3-core-method is vulnerable to prototype pollution Low
CVE-2025-57329 was published for web3-core-method (npm) Sep 24, 2025
spmrc vulnerable to prototype pollution Low
CVE-2025-57327 was published for spmrc (npm) Sep 24, 2025
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within... Critical Unreviewed
CVE-2025-57347 was published Sep 24, 2025
json-schema-editor-visual vulnerable to prototype pollution Moderate
CVE-2025-57320 was published for json-schema-editor-visual (npm) Sep 24, 2025
parse is vulnerable to prototype pollution Moderate
CVE-2025-57324 was published for parse (npm) Sep 24, 2025
Duplicate Advisory: rollbar vulnerable to prototype pollution Low
GHSA-m929-rg27-gj99 was published for rollbar (npm) Sep 24, 2025 withdrawn
anshulsahni
Credited to anshulsahni
dref is vulnerable to prototype pollution High
CVE-2025-26278 was published for dref (npm) Sep 25, 2025
algoliasearch-helper is vulnerable to Prototype Pollution in _merge() Moderate
CVE-2025-3193 was published for algoliasearch-helper (npm) Sep 27, 2025
Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs Moderate
CVE-2025-62374 was published for parse (npm) Oct 14, 2025
Moumouls mtrezza
Credited to Moumouls and mtrezza
`sveltekit-superforms` has Prototype Pollution in `parseFormData` function of `formData.js` High
CVE-2025-62381 was published for sveltekit-superforms (npm) Oct 15, 2025
d-xuan
Credited to d-xuan
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript Critical
CVE-2025-62410 was published for happy-dom (npm) Oct 15, 2025
cristianstaicu
Credited to cristianstaicu
rollbar vulnerable to prototype pollution Low
CVE-2025-57325 was published for rollbar (npm) Oct 20, 2025
waltjones brianr
Credited to waltjones and brianr
rollbar vulnerable to Prototype Pollution in merge() Moderate
CVE-2025-62517 was published for rollbar (npm) Oct 23, 2025
waltjones brianr
kiwi865
Credited to waltjones, brianr, and kiwi865
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database