Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

94 advisories

Loading
Prototype Pollution in Dynamoose High
CVE-2021-21304 was published for dynamoose (npm) Feb 8, 2021
Prototype Pollution in Node-Red High
CVE-2021-21297 was published for @node-red/runtime (npm) Feb 26, 2021
Prototype Pollution in ini-parser Critical
CVE-2020-7617 was published for ini-parser (npm) Jun 10, 2020
Prototype poisoning Moderate
CVE-2021-21368 was published for msgpack5 (npm) Mar 12, 2021
ninevra
Credited to ninevra
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an... High Unreviewed
CVE-2020-24036 was published May 24, 2022
merge vulnerable to Prototype Pollution Critical
CVE-2021-3645 was published for @viking04/merge (npm) Sep 13, 2021
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions... Moderate Unreviewed
CVE-2020-11872 was published May 24, 2022
body-parser-xml vulnerable to Prototype Pollution High
CVE-2021-3666 was published for body-parser-xml (npm) Sep 14, 2021
A vulnerability found in postgresql. On this security issue an attack requires permission to... High Unreviewed
CVE-2022-2625 was published Aug 19, 2022
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318... High Unreviewed
CVE-2018-11135 was published May 13, 2022
Prototype pollution in grpc and @grpc/grpc-js High
CVE-2020-7768 was published for @grpc/grpc-js (npm) May 10, 2021
Prototype Pollution in templ8 Critical
CVE-2020-7702 was published for templ8 (npm) May 6, 2021
Autobinding vulnerability in MITREid Connect Critical
CVE-2021-27582 was published for org.mitre:openid-connect-parent (Maven) May 13, 2021
Prototype Pollution in property-expr Critical
CVE-2020-7707 was published for property-expr (npm) May 6, 2021
Prototype pollution in chart.js High
CVE-2020-7746 was published for chart.js (npm) May 10, 2021
Prototype Pollution in express-fileupload Critical
CVE-2020-7699 was published for express-fileupload (npm) Aug 5, 2020
assign-deep Vulnerable to Prototype Pollution High
CVE-2019-10745 was published for assign-deep (npm) Aug 21, 2019
Prototype Pollution in x-assign High
CVE-2021-23452 was published for x-assign (npm) Oct 21, 2021
Prototype Pollution in madlib-object-utils Critical
CVE-2020-7701 was published for madlib-object-utils (npm) May 6, 2021
Prototype Pollution in nis-utils Critical
CVE-2020-7703 was published for nis-utils (npm) May 6, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts Critical
CVE-2019-0230 was published for org.apache.struts:struts2-core (Maven) Dec 2, 2021
Prototype Pollution in connie-lang Critical
CVE-2020-7706 was published for connie-lang (npm) May 6, 2021
Prototype pollution in class-transformer Moderate
CVE-2020-7637 was published for class-transformer (npm) Apr 7, 2020
confinit vulnerable to prototype pollution Moderate
CVE-2020-7638 was published for confinit (npm) Apr 7, 2020
Prototype Pollution in locutus Critical
CVE-2020-7719 was published for locutus (npm) May 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database