GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
60 advisories
CVE-2024-57078 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a...
CVE-2024-57074 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a...
CVE-2024-57076 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a...
CVE-2024-57081 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers...
CVE-2024-57085 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers...
CVE-2024-57086 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows...
CVE-2024-57084 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to...
CVE-2024-57065 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a...
CVE-2024-57069 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a...
CVE-2024-57064 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows...
CVE-2024-57063 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause...
CVE-2024-57067 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a...
CVE-2024-57071 (High, Unreviewed; published Feb 6, 2025): A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause...
CVE-2024-56059 (Critical, Unreviewed; published Dec 18, 2024): Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
CVE-2024-54156 (Moderate, Unreviewed; published Dec 4, 2024): In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype...
CVE-2024-52441 (Critical, Unreviewed; published Nov 20, 2024): Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
CVE-2024-45435 (Critical, Unreviewed; published Aug 29, 2024): Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
CVE-2024-37287 (Critical, Unreviewed; published Aug 13, 2024): A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML...
CVE-2024-39011 (Critical, Unreviewed; published Jul 30, 2024): Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code...
CVE-2024-38983 (Critical, Unreviewed; published Jul 30, 2024): Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary...
CVE-2024-39010 (Critical, Unreviewed; published Jul 30, 2024): chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function...
CVE-2024-38984 (Critical, Unreviewed; published Jul 30, 2024): Prototype Pollution in lukebond json-override 0.2.0 allows attackers to execute arbitrary code...
CVE-2024-36572 (Critical, Unreviewed; published Jul 30, 2024): Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause...
CVE-2024-39012 (Critical, Unreviewed; published Jul 30, 2024): ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function...
CVE-2024-33519 (High, Unreviewed; published Jul 24, 2024): A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN...
ProTip! Advisories are also available from the GraphQL API.