GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
Prototype pollution in jsii.configureCategories
Low
GHSA-m56h-5xx3-2jc2
was published
for
jsii
(npm)
Dec 18, 2024
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
Critical
Unreviewed
CVE-2024-56059
was published
Dec 18, 2024
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype...
Moderate
Unreviewed
CVE-2024-54156
was published
Dec 4, 2024
@intlify/shared Prototype Pollution vulnerability
Moderate
CVE-2024-52810
was published
for
@intlify/shared
(npm)
Dec 2, 2024
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
Critical
Unreviewed
CVE-2024-52441
was published
Nov 20, 2024
DOMPurify vulnerable to tampering by prototype polution
Critical
CVE-2024-48910
was published
for
dompurify
(npm)
Oct 31, 2024
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
High
GHSA-m4gq-x24j-jpmf
was published
for
mermaid
(npm)
Oct 22, 2024
SAP HANA Node.js client package vulnerable to Prototype Pollution
Moderate
CVE-2024-45277
was published
for
@sap/hana-client
(npm)
Oct 8, 2024
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
High
GHSA-78p3-fwcq-62c2
was published
for
@saltcorn/server
(npm)
Oct 3, 2024
uPlot Prototype Pollution vulnerability
High
CVE-2024-21489
was published
for
uplot
(npm)
Oct 1, 2024
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
High
CVE-2024-45815
was published
for
@backstage/plugin-catalog-backend
(npm)
Sep 17, 2024
DOMPurify allows tampering by prototype pollution
High
CVE-2024-45801
was published
for
dompurify
(npm)
Sep 16, 2024
dset Prototype Pollution vulnerability
High
CVE-2024-21529
was published
for
dset
(npm)
Sep 11, 2024
node-gettext vulnerable to Prototype Pollution
High
CVE-2024-21528
was published
for
node-gettext
(npm)
Sep 10, 2024
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
Critical
Unreviewed
CVE-2024-45435
was published
Aug 29, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML...
Critical
Unreviewed
CVE-2024-37287
was published
Aug 13, 2024
Prototype pollution in izatop bunt
Critical
CVE-2024-38989
was published
for
@bunt/app
(npm)
Aug 12, 2024
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary...
Critical
Unreviewed
CVE-2024-38983
was published
Jul 30, 2024
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2024-39011
was published
Jul 30, 2024
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function...
Critical
Unreviewed
CVE-2024-39012
was published
Jul 30, 2024
@75lb/deep-merge Prototype Pollution vulnerability
High
CVE-2024-38986
was published
for
@75lb/deep-merge
(npm)
Jul 30, 2024
Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause...
Critical
Unreviewed
CVE-2024-36572
was published
Jul 30, 2024
chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function...
Critical
Unreviewed
CVE-2024-39010
was published
Jul 30, 2024
Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code...
Critical
Unreviewed
CVE-2024-38984
was published
Jul 30, 2024
ProTip!
Advisories are also available from the
GraphQL API