Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
Prototype pollution in webpack loader-utils Critical
CVE-2022-37601 was published for loader-utils (npm) Oct 13, 2022
westonsteimel kennylindley
Credited to westonsteimel and kennylindley
mockery is vulnerable to prototype pollution Critical
CVE-2022-37614 was published for mockery (npm) Oct 12, 2022
akaustav
Credited to akaustav
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in... Critical Unreviewed
CVE-2022-37609 was published Oct 12, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37617 was published for browserify-shim (npm) Oct 12, 2022
tschaub gh-pages vulnerable to prototype pollution Critical
CVE-2022-37611 was published for gh-pages (npm) Oct 12, 2022
Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom Critical
CVE-2022-37616 was published for @xmldom/xmldom (npm) Oct 11, 2022 withdrawn
secdevlpr26 bchew
tzimmermann mrtc0 karfau
Credited to secdevlpr26, bchew, tzimmermann, mrtc0, and karfau
steal vulnerable to Prototype Pollution via alias variable Critical
CVE-2022-37265 was published for steal (npm) Sep 21, 2022
steal vulnerable to Prototype Pollution Critical
CVE-2022-37258 was published for steal (npm) Sep 17, 2022
steal vulnerable to Prototype Pollution via key variable in babel.js Critical
CVE-2022-37266 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via requestedVersion variable Critical
CVE-2022-37257 was published for steal (npm) Sep 16, 2022
steal vulnerable to Prototype Pollution via optionName variable Critical
CVE-2022-37264 was published for steal (npm) Sep 16, 2022
Mongoose Vulnerable to Prototype Pollution in Schema Object Critical
CVE-2022-24304 was published for mongoose (npm) Aug 27, 2022
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution Critical
CVE-2022-25907 was published for ts-deepmerge (npm) Aug 10, 2022
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2 Critical
CVE-2020-28441 was published for conf-cfg-ini (npm) Jul 26, 2022
set-deep-prop Prototype Pollution Critical
CVE-2021-23373 was published for set-deep-prop (npm) Jul 26, 2022
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse` Critical
CVE-2020-28461 was published for js-ini (npm) Jul 26, 2022
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse` Critical
CVE-2020-28462 was published for ion-parser (npm) Jul 26, 2022
Properties-Reader before v2.2.0 vulnerable to prototype pollution Critical
CVE-2020-28471 was published for properties-reader (npm) Jul 19, 2022
Prototype Pollution in deep.assign Critical
CVE-2021-40663 was published for deep.assign (npm) Jul 1, 2022
deep-defaults vulnerable to prototype pollution Critical
CVE-2021-25944 was published for deep-defaults (npm) May 24, 2022
Changeset vulnerable to prototype pollution Critical
CVE-2021-25915 was published for changeset (npm) May 24, 2022
dset vulnerable to prototype pollution Critical
CVE-2020-28277 was published for dset (npm) May 24, 2022
flattenizer vulnerable to prototype pollution Critical
CVE-2020-28279 was published for flattenizer (npm) May 24, 2022
Prototype pollution vulnerability in 'deep-set' Critical
CVE-2020-28276 was published for deep-set (npm) May 24, 2022
shvl vulnerable to prototype pollution Critical
CVE-2020-28278 was published for shvl (npm) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database