Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

400 advisories

Loading
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary... Critical Unreviewed
CVE-2024-38983 was published Jul 30, 2024
ejs lacks certain pollution protection Moderate
CVE-2024-33883 was published for ejs (npm) Apr 28, 2024
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
obx Prototype Pollution Critical
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
@thi.ng/paths Prototype Pollution vulnerability Critical
CVE-2024-29650 was published for @thi.ng/paths (npm) Mar 25, 2024
njwt Prototype Pollution vulnerability Moderate
CVE-2024-34273 was published for njwt (npm) May 16, 2024
jrburke requirejs vulnerable to prototype pollution High
CVE-2024-38999 was published for requirejs (npm) Jul 1, 2024
BlazingWizard
@75lb/deep-merge Prototype Pollution vulnerability High
CVE-2024-38986 was published for @75lb/deep-merge (npm) Jul 30, 2024
thewilkybarkid
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function... Critical Unreviewed
CVE-2024-39012 was published Jul 30, 2024
robinweser fast-loops vulnerable to prototype pollution High
CVE-2024-39008 was published for fast-loops (npm) Jul 1, 2024
Prototype pollution in izatop bunt Critical
CVE-2024-38989 was published for @bunt/app (npm) Aug 12, 2024
MiguelCastillo @bit/loader Prototype Pollution issue High
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This... Critical Unreviewed
CVE-2024-39013 was published Jul 1, 2024
ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set... Critical Unreviewed
CVE-2024-39014 was published Jul 1, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML... Critical Unreviewed
CVE-2024-37287 was published Aug 13, 2024
mysql2 vulnerable to Prototype Poisoning Moderate
CVE-2024-21509 was published for mysql2 (npm) Apr 10, 2024
ag-grid packages vulnerable to Prototype Pollution Moderate
CVE-2024-39001 was published for @ag-grid-enterprise/charts (npm) Jul 1, 2024
kiril-matev AgidensKevinG
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Critical Unreviewed
CVE-2024-45435 was published Aug 29, 2024
Remote Code Execution via unsafe classes in otherwise permitted modules Moderate
CVE-2021-32807 was published for AccessControl (pip) Aug 5, 2021
Remote Code Execution via Script (Python) objects under Python 3 High
CVE-2021-32811 was published for Zope (pip) Aug 5, 2021
Prototype pollution in ag-grid-community via the _.mergeDeep function High
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
kiril-matev
node-gettext vulnerable to Prototype Pollution Moderate
CVE-2024-21528 was published for node-gettext (npm) Sep 10, 2024
dset Prototype Pollution vulnerability High
CVE-2024-21529 was published for dset (npm) Sep 11, 2024
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm cure53
@backstage/plugin-catalog-backend Prototype Pollution vulnerability Moderate
CVE-2024-45815 was published for @backstage/plugin-catalog-backend (npm) Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database