Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

372 advisories

Loading
Prototype Pollution in node-forge High
CVE-2020-7720 was published for node-forge (npm) Sep 14, 2020
dot-prop Prototype Pollution vulnerability High
CVE-2020-8116 was published for dot-prop (npm) Jul 29, 2020
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Prototype Pollution in handlebars Critical
CVE-2021-23383 was published for handlebars (npm) Feb 10, 2022
eazy-logger prototype pollution High
CVE-2024-57075 was published for eazy-logger (npm) Feb 6, 2025
RDIL
@rpldy/uploader prototype pollution High
CVE-2024-57082 was published for @rpldy/uploader (npm) Feb 6, 2025
vxe-table prototype pollution High
CVE-2024-57080 was published for vxe-table (npm) Feb 6, 2025
@zag-js/core prototype pollution High
CVE-2024-57079 was published for @zag-js/core (npm) Feb 6, 2025
utils-extend Prototype Pollution Critical
CVE-2024-57077 was published for utils-extend (npm) Feb 6, 2025
module-from-string prototype pollution High
CVE-2024-57072 was published for module-from-string (npm) Feb 6, 2025
@ndhoule/defaults prototype pollution High
CVE-2024-57066 was published for @ndhoule/defaults (npm) Feb 6, 2025
json-schema is vulnerable to Prototype Pollution Critical
CVE-2021-3918 was published for json-schema (npm) Nov 19, 2021
Prototype pollution in jsii.configureCategories Low
GHSA-m56h-5xx3-2jc2 was published for jsii (npm) Dec 18, 2024
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo Moderate
CVE-2024-21548 was published for bun (npm) Dec 18, 2024
lirantal
Prototype Pollution in the merge and clone helper methods Moderate
CVE-2021-39227 was published for zrender (npm) Sep 20, 2021
Asjidkalam huntr-helper
@intlify/shared Prototype Pollution vulnerability Moderate
CVE-2024-52810 was published for @intlify/shared (npm) Dec 2, 2024
BobbieGoede
convict vulnerable to Prototype Pollution High
CVE-2023-0163 was published for convict (npm) Jan 10, 2023
Captain-K-101
@backstage/plugin-catalog-backend Prototype Pollution vulnerability High
CVE-2024-45815 was published for @backstage/plugin-catalog-backend (npm) Sep 17, 2024
node-gettext vulnerable to Prototype Pollution High
CVE-2024-21528 was published for node-gettext (npm) Sep 10, 2024
njwt Prototype Pollution vulnerability High
CVE-2024-34273 was published for njwt (npm) May 16, 2024
Prototype pollution not blocked by object-path related utilities in hoolock Moderate
CVE-2024-23339 was published for hoolock (npm) Jan 23, 2024
d3ng03
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Rudloff
DOMPurify vulnerable to tampering by prototype polution Critical
CVE-2024-48910 was published for dompurify (npm) Oct 31, 2024
eslerm
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify High
GHSA-m4gq-x24j-jpmf was published for mermaid (npm) Oct 22, 2024
aloisklink sidharthv96
ashishjain0512 mlevy-parasoft byt3n33dl3
SAP HANA Node.js client package vulnerable to Prototype Pollution Moderate
CVE-2024-45277 was published for @sap/hana-client (npm) Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database