Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

400 advisories

Loading
Prototype Pollution in deep.assign Critical
CVE-2021-40663 was published for deep.assign (npm) Jul 1, 2022
Prototype Pollution in deep-get-set High
CVE-2022-21231 was published for deep-get-set (npm) Jun 25, 2022
Prototype Pollution in mout High
CVE-2022-21213 was published for mout (npm) Jun 18, 2022
ssong
Prototype Pollution in querymen Moderate
CVE-2022-25871 was published for querymen (npm) Jun 18, 2022
Prototype Pollution in protobufjs High
CVE-2022-25878 was published for protobufjs (npm) May 28, 2022
dotdash steinz
mootools-more vulnerable to prototype pollution High
CVE-2021-20088 was published for mootools-more (npm) May 24, 2022
deep-defaults vulnerable to prototype pollution Critical
CVE-2021-25944 was published for deep-defaults (npm) May 24, 2022
jquery-plugin-query-object contains prototype pollution vulnerability High
CVE-2021-20083 was published for jquery-query-object (npm) May 24, 2022
Changeset vulnerable to prototype pollution Critical
CVE-2021-25915 was published for changeset (npm) May 24, 2022
dset vulnerable to prototype pollution Critical
CVE-2020-28277 was published for dset (npm) May 24, 2022
flattenizer vulnerable to prototype pollution Critical
CVE-2020-28279 was published for flattenizer (npm) May 24, 2022
shvl vulnerable to prototype pollution Critical
CVE-2020-28278 was published for shvl (npm) May 24, 2022
Prototype pollution vulnerability in 'deep-set' Critical
CVE-2020-28276 was published for deep-set (npm) May 24, 2022
keyget vulnerable to prototype pollution Critical
CVE-2020-28272 was published for keyget (npm) May 24, 2022
Prototype pollution in @strikeentco/set High
CVE-2020-28267 was published for @strikeentco/set (npm) May 24, 2022
jhutchings1
linux-cmdline is vulnerable to Prototype Pollution via the constructor Critical
CVE-2020-7704 was published for linux-cmdline (npm) May 24, 2022
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This... Critical Unreviewed
CVE-2020-12079 was published May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard... Moderate Unreviewed
CVE-2019-17317 was published May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration... Moderate Unreviewed
CVE-2019-17315 was published May 24, 2022
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a... Moderate Unreviewed
CVE-2019-17316 was published May 24, 2022
Prototype Pollution in convict Critical
CVE-2022-21190 was published for convict (npm) May 14, 2022
Prototype Pollution in sds High
CVE-2022-25862 was published for sds (npm) May 14, 2022
An issue was discovered in CMS Made Simple 2.2.8. In the administrator page admin/changegroupperm... High Unreviewed
CVE-2019-9058 was published May 13, 2022
admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images)... High Unreviewed
CVE-2018-6195 was published May 13, 2022
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318... High Unreviewed
CVE-2018-11135 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API