GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
400 advisories
Filter by severity
protobufjs Prototype Pollution vulnerability
Critical
CVE-2023-36665
was published
for
protobufjs
(npm)
Jul 5, 2023
tough-cookie Prototype Pollution vulnerability
Moderate
CVE-2023-26136
was published
for
tough-cookie
(npm)
Jul 1, 2023
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Critical
CVE-2023-36475
was published
for
parse-server
(npm)
Jun 30, 2023
flatnest Prototype Pollution vulnerability
High
CVE-2023-26135
was published
for
flatnest
(npm)
Jun 30, 2023
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Moderate
CVE-2023-26920
was published
for
fast-xml-parser
(npm)
Jun 13, 2023
progressbar.js vulnerable to Prototype Pollution
High
CVE-2023-26133
was published
for
progressbar.js
(npm)
Jun 12, 2023
dottie vulnerable to Prototype Pollution
High
CVE-2023-26132
was published
for
dottie
(npm)
Jun 10, 2023
antfu/utils vulnerable to prototype pollution
Moderate
CVE-2023-2972
was published
for
@antfu/utils
(npm)
May 30, 2023
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross...
Moderate
Unreviewed
CVE-2023-2582
was published
May 8, 2023
Possible prototype pollution in metadata record, when using meta decorator
Low
CVE-2023-30857
was published
for
@aedart/support
(npm)
May 1, 2023
Prototype Pollution in vConsole
Critical
CVE-2023-30363
was published
for
vconsole
(npm)
Apr 26, 2023
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Critical
CVE-2023-26122
was published
for
safe-eval
(npm)
Apr 11, 2023
safe-eval vulnerable to Prototype Pollution via the safeEval function
Critical
CVE-2023-26121
was published
for
safe-eval
(npm)
Apr 11, 2023
xml2js is vulnerable to prototype pollution
Moderate
CVE-2023-0842
was published
for
xml2js
(npm)
Apr 5, 2023
Prototype pollution in matrix-js-sdk (part 2)
High
CVE-2023-28427
was published
for
matrix-js-sdk
(npm)
Mar 30, 2023
Prototype pollution in matrix-react-sdk
High
CVE-2023-28103
was published
for
matrix-react-sdk
(npm)
Mar 29, 2023
matrix-react-sdk Prototype pollution vulnerability
High
CVE-2022-36060
was published
for
matrix-react-sdk
(npm)
Mar 28, 2023
matrix-js-sdk Prototype Pollution vulnerability
High
CVE-2022-36059
was published
for
matrix-js-sdk
(npm)
Mar 28, 2023
Collection.js vulnerable to Prototype Pollution
High
CVE-2023-26113
was published
for
collection.js
(npm)
Mar 18, 2023
dot-lens vulnerable to Prototype Pollution
High
CVE-2023-26106
was published
for
dot-lens
(npm)
Mar 6, 2023
mde utilities contains Prototype Pollution
High
CVE-2023-26105
was published
for
utilities
(npm)
Feb 28, 2023
rangy vulnerable to Prototype Pollution
High
CVE-2023-26102
was published
for
rangy
(npm)
Feb 24, 2023
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an...
High
Unreviewed
CVE-2023-23917
was published
Feb 23, 2023
Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.
Moderate
Unreviewed
CVE-2022-3901
was published
Feb 20, 2023
ProTip!
Advisories are also available from the
GraphQL API