GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
45 advisories
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')...
Critical
Unreviewed
CVE-2024-52441
was published
Nov 20, 2024
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function.
Critical
Unreviewed
CVE-2024-45435
was published
Aug 29, 2024
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML...
Critical
Unreviewed
CVE-2024-37287
was published
Aug 13, 2024
ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set...
Critical
Unreviewed
CVE-2024-39014
was published
Jul 1, 2024
2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This...
Critical
Unreviewed
CVE-2024-39013
was published
Jul 1, 2024
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function...
Critical
Unreviewed
CVE-2024-39012
was published
Jul 30, 2024
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary...
Critical
Unreviewed
CVE-2024-38983
was published
Jul 30, 2024
Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause...
Critical
Unreviewed
CVE-2024-36572
was published
Jul 30, 2024
Prototype Pollution in lukebond json-override 0.2.0 allows attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2024-38984
was published
Jul 30, 2024
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code...
Critical
Unreviewed
CVE-2024-39011
was published
Jul 30, 2024
chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function...
Critical
Unreviewed
CVE-2024-39010
was published
Jul 30, 2024
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN...
High
Unreviewed
CVE-2024-33519
was published
Jul 24, 2024
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could...
High
Unreviewed
CVE-2024-22443
was published
Jul 24, 2024
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function...
High
Unreviewed
CVE-2024-39003
was published
Jul 1, 2024
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config....
High
Unreviewed
CVE-2024-38998
was published
Jul 1, 2024
adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function...
Moderate
Unreviewed
CVE-2024-39853
was published
Jul 1, 2024
che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function...
High
Unreviewed
CVE-2024-39016
was published
Jul 1, 2024
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function...
Moderate
Unreviewed
CVE-2024-39000
was published
Jul 1, 2024
A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute...
High
Unreviewed
CVE-2024-36583
was published
Jun 17, 2024
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype...
Moderate
Unreviewed
CVE-2023-3962
was published
Oct 20, 2023
The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype...
Moderate
Unreviewed
CVE-2023-3965
was published
Oct 20, 2023
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2023-3933
was published
Oct 20, 2023
The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability...
Critical
Unreviewed
CVE-2023-3186
was published
Jul 17, 2023
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross...
Moderate
Unreviewed
CVE-2023-2582
was published
May 8, 2023
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16...
Moderate
Unreviewed
CVE-2024-2495
was published
Mar 15, 2024