Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

356 advisories

Loading
@backstage/plugin-catalog-backend Prototype Pollution vulnerability Moderate
CVE-2024-45815 was published for @backstage/plugin-catalog-backend (npm) Sep 17, 2024
DOMPurify allows tampering by prototype pollution High
CVE-2024-45801 was published for dompurify (npm) Sep 16, 2024
eslerm cure53
dset Prototype Pollution vulnerability High
CVE-2024-21529 was published for dset (npm) Sep 11, 2024
node-gettext vulnerable to Prototype Pollution Moderate
CVE-2024-21528 was published for node-gettext (npm) Sep 10, 2024
Prototype pollution in ag-grid-community via the _.mergeDeep function High
CVE-2024-38996 was published for ag-grid-community (npm) Jul 1, 2024
kiril-matev
Remote Code Execution via Script (Python) objects under Python 3 High
CVE-2021-32811 was published for Zope (pip) Aug 5, 2021
Remote Code Execution via unsafe classes in otherwise permitted modules Moderate
CVE-2021-32807 was published for AccessControl (pip) Aug 5, 2021
ag-grid packages vulnerable to Prototype Pollution Moderate
CVE-2024-39001 was published for @ag-grid-enterprise/charts (npm) Jul 1, 2024
kiril-matev AgidensKevinG
mysql2 vulnerable to Prototype Poisoning Moderate
CVE-2024-21509 was published for mysql2 (npm) Apr 10, 2024
MiguelCastillo @bit/loader Prototype Pollution issue High
CVE-2024-24293 was published for @bit/loader (npm) May 20, 2024
Prototype pollution in izatop bunt Critical
CVE-2024-38989 was published for @bunt/app (npm) Aug 12, 2024
robinweser fast-loops vulnerable to prototype pollution High
CVE-2024-39008 was published for fast-loops (npm) Jul 1, 2024
@75lb/deep-merge Prototype Pollution vulnerability High
CVE-2024-38986 was published for @75lb/deep-merge (npm) Jul 30, 2024
thewilkybarkid
jrburke requirejs vulnerable to prototype pollution High
CVE-2024-38999 was published for requirejs (npm) Jul 1, 2024
BlazingWizard
njwt Prototype Pollution vulnerability Moderate
CVE-2024-34273 was published for njwt (npm) May 16, 2024
@thi.ng/paths Prototype Pollution vulnerability Critical
CVE-2024-29650 was published for @thi.ng/paths (npm) Mar 25, 2024
obx Prototype Pollution Critical
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
Badger Database Prototype Pollution High
CVE-2024-36581 was published for @abw/badger-database (npm) Jun 17, 2024
ejs lacks certain pollution protection Moderate
CVE-2024-33883 was published for ejs (npm) Apr 28, 2024
@aofl/cli-lib Prototype Pollution vulnerability Moderate
CVE-2024-38987 was published for @aofl/cli-lib (npm) Jul 1, 2024
@cat5th/key-serializer Prototype Pollution vulnerability Moderate
CVE-2024-39018 was published for @cat5th/key-serializer (npm) Jul 1, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
flatten-json Prototype Pollution Moderate
CVE-2024-36574 was published for @allanlancioni/flatten-json (npm) Jun 17, 2024
Object Resolver Prototype Pollution High
CVE-2024-36577 was published for @apphp/object-resolver (npm) Jun 17, 2024
Blackprint @blackprint/engine Prototype Pollution issue Critical
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
ProTip! Advisories are also available from the GraphQL API