Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,336
NuGet
764
pip
4,111
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

138 advisories

Loading
Prototype Pollution in phpjs Critical
CVE-2020-7700 was published for phpjs (npm) May 6, 2021
Prototype pollution in set-object-value Critical
CVE-2020-28281 was published for set-object-value (npm) Apr 13, 2021
Prototype Pollution in multi-ini Critical
CVE-2020-28448 was published for multi-ini (npm) Apr 13, 2021
Prototype Pollution in set-or-get Critical
CVE-2021-25913 was published for set-or-get (npm) Apr 12, 2021
Prototype Pollution Vulnerability in object-collider Critical
CVE-2021-25914 was published for object-collider (npm) Mar 19, 2021
Prototype pollution in set-in Critical
CVE-2020-28273 was published for set-in (npm) Mar 19, 2021
Prototype Pollution in express-fileupload Critical
CVE-2020-7699 was published for express-fileupload (npm) Aug 5, 2020
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Prototype Pollution in set-value Critical
CVE-2019-10747 was published for set-value (npm) Aug 27, 2019
Deserialization of untrusted data in FasterXML jackson-databind Critical
CVE-2019-14379 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Aug 1, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
G-Rath
Credited to G-Rath
Prototype Pollution in just-extend Critical
CVE-2018-16489 was published for just-extend (npm) Feb 7, 2019
Prototype Pollution in async merge-object Critical
CVE-2018-3753 was published for merge-object (npm) Sep 18, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database