Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,761
Maven
5,000+
npm
4,368
NuGet
767
pip
4,137
Pub
12
RubyGems
962
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

493 advisories

Loading
Prototype Pollution in jquery-deparam High
CVE-2021-20087 was published for jquery-deparam (npm) May 24, 2021
devalue prototype pollution vulnerability High
CVE-2025-57820 was published for devalue (npm) Aug 26, 2025
apyatko Rich-Harris
dominikg
Credited to apyatko, Rich-Harris, and dominikg
utils-extend Prototype Pollution Critical
CVE-2024-57077 was published for utils-extend (npm) Feb 6, 2025
dsimk
Credited to dsimk
Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful... High Unreviewed
CVE-2025-58280 was published Sep 5, 2025
Prototype Pollution in sheetJS High
CVE-2023-30533 was published for xlsx (npm) Apr 24, 2023
pmartinat stof
kb-med
Credited to pmartinat, stof, and kb-med
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its... Critical Unreviewed
CVE-2011-10019 was published Aug 13, 2025
CSVTOJSON has a prototype pollution vulnerability Moderate
CVE-2025-57350 was published for csvtojson (npm) Sep 24, 2025
web3-core-subscriptions has a Prototype Pollution vulnerability Low
CVE-2025-57330 was published for web3-core-subscriptions (npm) Sep 24, 2025
messageformat has a prototype pollution vulnerability Low
CVE-2025-57349 was published for messageformat (npm) Sep 24, 2025
ts-fns has prototype pollution vulnerability Moderate
CVE-2025-57351 was published for ts-fns (npm) Sep 24, 2025
node-cube vulnerable to prototype pollution Low
CVE-2025-57348 was published for node-cube (npm) Sep 24, 2025
magix-combine-ex vulnerable to prototype pollution Low
CVE-2025-57321 was published for magix-combine-ex (npm) Sep 24, 2025
mpregular vulnerable to prototype pollution High
CVE-2025-57323 was published for mpregular (npm) Sep 24, 2025
sassdoc-extras vulnerable to prototype pollution Low
CVE-2025-57326 was published for sassdoc-extras (npm) Sep 24, 2025
spmrc vulnerable to prototype pollution Low
CVE-2025-57327 was published for spmrc (npm) Sep 24, 2025
toggle-array vulnerable to prototype pollution Low
CVE-2025-57328 was published for toggle-array (npm) Sep 24, 2025
web3-core-method is vulnerable to prototype pollution Low
CVE-2025-57329 was published for web3-core-method (npm) Sep 24, 2025
csvjson vulnerable to prototype injection High
CVE-2025-57318 was published for csvjson (npm) Sep 24, 2025
json-schema-editor-visual vulnerable to prototype pollution Moderate
CVE-2025-57320 was published for json-schema-editor-visual (npm) Sep 24, 2025
dref is vulnerable to prototype pollution High
CVE-2025-26278 was published for dref (npm) Sep 25, 2025
counterpart vulnerable to prototype pollution Moderate
CVE-2025-57354 was published for counterpart (npm) Sep 24, 2025
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within... Critical Unreviewed
CVE-2025-57347 was published Sep 24, 2025
Prototype Pollution in @hapi/subtext High
GHSA-g9cg-h3jm-cwrc was published for @hapi/pez (npm) Sep 3, 2020
amita-seal
Credited to amita-seal
Prototype Pollution in pez High
GHSA-g64q-3vg8-8f93 was published for pez (npm) Sep 3, 2020
amita-seal
Credited to amita-seal
algoliasearch-helper is vulnerable to Prototype Pollution in _merge() Moderate
CVE-2025-3193 was published for algoliasearch-helper (npm) Sep 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database