GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,202
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
660
pip
3,328
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
405 advisories
Filter by severity
Prototype Pollution in @commercial/subtext
High
GHSA-36c4-4r89-6whg
was published
for
@commercial/subtext
(npm)
Sep 3, 2020
Prototype Pollution in @hapi/subtext
High
GHSA-g9cg-h3jm-cwrc
was published
for
@hapi/subtext
(npm)
Sep 3, 2020
Prototype Pollution in smart-extend
Moderate
GHSA-f8h3-rqrm-47v9
was published
for
smart-extend
(npm)
Sep 2, 2020
Prototype Pollution in merge-objects
Low
GHSA-992f-wf4w-x36v
was published
for
merge-objects
(npm)
Sep 1, 2020
Prototype Pollution in express-fileupload
Critical
CVE-2020-7699
was published
for
express-fileupload
(npm)
Aug 5, 2020
dot-prop Prototype Pollution vulnerability
High
CVE-2020-8116
was published
for
dot-prop
(npm)
Jul 29, 2020
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
confinit vulnerable to prototype pollution
Moderate
CVE-2020-7638
was published
for
confinit
(npm)
Apr 7, 2020
Prototype pollution in class-transformer
Moderate
CVE-2020-7637
was published
for
class-transformer
(npm)
Apr 7, 2020
Phar object injection in PHPMailer
High
CVE-2018-19296
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
Prototype Pollution in set-value
Critical
CVE-2019-10747
was published
for
set-value
(npm)
Aug 27, 2019
assign-deep Vulnerable to Prototype Pollution
High
CVE-2019-10745
was published
for
assign-deep
(npm)
Aug 21, 2019
Deserialization of untrusted data in FasterXML jackson-databind
Critical
CVE-2019-14379
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Aug 1, 2019
Prototype Pollution in @apollo/gateway
High
GHSA-74cr-77xc-8g6r
was published
for
@apollo/gateway
(npm)
Jun 13, 2019
Prototype Pollution in querystringify
High
GHSA-hxcm-v35h-mg2x
was published
for
querystringify
(npm)
Jun 7, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Prototype Pollution in just-extend
Critical
CVE-2018-16489
was published
for
just-extend
(npm)
Feb 7, 2019
ProTip!
Advisories are also available from the
GraphQL API