Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

131 advisories

Loading
DOMPurify vulnerable to tampering by prototype polution Critical
CVE-2024-48910 was published for dompurify (npm) Oct 31, 2024
eslerm
Prototype pollution in izatop bunt Critical
CVE-2024-38989 was published for @bunt/app (npm) Aug 12, 2024
jsonic was discovered to contain a prototype pollution via the function empty. Critical
CVE-2024-38993 was published for jsonic (npm) Jul 1, 2024 withdrawn
wzrdtales
obx Prototype Pollution Critical
CVE-2024-36573 was published for @almela/obx (npm) Jun 17, 2024
Blackprint @blackprint/engine Prototype Pollution issue Critical
CVE-2024-24294 was published for @blackprint/engine (npm) May 20, 2024
@thi.ng/paths Prototype Pollution vulnerability Critical
CVE-2024-29650 was published for @thi.ng/paths (npm) Mar 25, 2024
JSONata expression can pollute the "Object" prototype Critical
CVE-2024-27307 was published for jsonata (npm) Mar 4, 2024
AlbertSPedersen
plotly.js prototype pollution vulnerability Critical
CVE-2023-46308 was published for plotly.js (Composer) Jan 3, 2024
Prototype Pollution in ali-security/mongoose Critical
GHSA-rc4v-99cr-pjcm was published for @seal-security/mongoose-fixed (npm) Oct 17, 2023
tree-kit Prototype Pollution vulnerability Critical
CVE-2023-38894 was published for tree-kit (npm) Aug 17, 2023
MrSwitch hello.js vulnerable to prototype pollution Critical
CVE-2021-26505 was published for hellojs (npm) Aug 11, 2023
Mongoose Prototype Pollution vulnerability Critical
CVE-2023-3696 was published for mongoose (npm) Jul 17, 2023
protobufjs Prototype Pollution vulnerability Critical
CVE-2023-36665 was published for protobufjs (npm) Jul 5, 2023
fhoeben stephengroat
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2023-36475 was published for parse-server (npm) Jun 30, 2023
dblythy mtrezza
Prototype Pollution in vConsole Critical
CVE-2023-30363 was published for vconsole (npm) Apr 26, 2023
renbaoshuo
safe-eval vulnerable to Prototype Pollution via the safeEval function Critical
CVE-2023-26121 was published for safe-eval (npm) Apr 11, 2023
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization Critical
CVE-2023-26122 was published for safe-eval (npm) Apr 11, 2023
Baobab vulnerable to Prototype Pollution Critical
CVE-2021-4307 was published for baobab (npm) Jan 7, 2023
json-pointer vulnerable to Prototype Pollution Critical
CVE-2022-4742 was published for json-pointer (npm) Dec 26, 2022
flat vulnerable to Prototype Pollution Critical
CVE-2020-36632 was published for flat (npm) Dec 25, 2022
safe-eval vulnerable to Prototype Pollution Critical
CVE-2022-25904 was published for safe-eval (npm) Dec 20, 2022
FurqanSoftware/node-whois vulnerable to Prototype Pollution Critical
CVE-2020-36618 was published for whois (npm) Dec 19, 2022
npm package rfc6902 vulnerable to Prototype Pollution Critical
CVE-2021-4245 was published for rfc6902 (npm) Dec 15, 2022
Remote code execution via MongoDB BSON parser through prototype pollution Critical
CVE-2022-39396 was published for parse-server (npm) Nov 8, 2022
thlorenz browserify-shim vulnerable to prototype pollution Critical
CVE-2022-37623 was published for browserify-shim (npm) Oct 31, 2022
ProTip! Advisories are also available from the GraphQL API