Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

400 advisories

Loading
Prototype Pollution in bmoor High
CVE-2020-7736 was published for bmoor (npm) May 10, 2021
Dynamic modification of RPyC service due to missing security check High
CVE-2019-16328 was published for rpyc (pip) Feb 17, 2021
comrumino
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen Moderate
CVE-2020-7600 was published for querymen (npm) May 7, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware Moderate
CVE-2020-7616 was published for express-mock-middleware (npm) Dec 9, 2021
Prototype Pollution in sds Moderate
CVE-2020-7618 was published for sds (npm) Sep 3, 2020
Prototype Pollution in connie-lang Critical
CVE-2020-7706 was published for connie-lang (npm) May 6, 2021
Prototype Pollution in arr-flatten-unflatten Critical
CVE-2020-7713 was published for arr-flatten-unflatten (npm) May 6, 2021
Prototype pollution in multi-ini Moderate
CVE-2020-28460 was published for multi-ini (npm) Apr 13, 2021
Prototype pollution in class-transformer Moderate
CVE-2020-7637 was published for class-transformer (npm) Apr 7, 2020
Prototype Pollution in x-assign High
CVE-2021-23452 was published for x-assign (npm) Oct 21, 2021
Prototype Pollution in madlib-object-utils Critical
CVE-2020-7701 was published for madlib-object-utils (npm) May 6, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts Critical
CVE-2019-0230 was published for org.apache.struts:struts2-core (Maven) Dec 2, 2021
Prototype Pollution in nis-utils Critical
CVE-2020-7703 was published for nis-utils (npm) May 6, 2021
assign-deep Vulnerable to Prototype Pollution High
CVE-2019-10745 was published for assign-deep (npm) Aug 21, 2019
Prototype Pollution in express-fileupload Critical
CVE-2020-7699 was published for express-fileupload (npm) Aug 5, 2020
Prototype pollution in chart.js High
CVE-2020-7746 was published for chart.js (npm) May 10, 2021
Prototype pollution in grpc and @grpc/grpc-js High
CVE-2020-7768 was published for @grpc/grpc-js (npm) May 10, 2021
Prototype Pollution in property-expr Critical
CVE-2020-7707 was published for property-expr (npm) May 6, 2021
Prototype Pollution in templ8 Critical
CVE-2020-7702 was published for templ8 (npm) May 6, 2021
Autobinding vulnerability in MITREid Connect Critical
CVE-2021-27582 was published for org.mitre:openid-connect-parent (Maven) May 13, 2021
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318... High Unreviewed
CVE-2018-11135 was published May 13, 2022
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This... Critical Unreviewed
CVE-2020-12079 was published May 24, 2022
A vulnerability found in postgresql. On this security issue an attack requires permission to... High Unreviewed
CVE-2022-2625 was published Aug 19, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard... Moderate Unreviewed
CVE-2019-17317 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database