GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

226 advisories

defu: Prototype pollution via `__proto__` key in defaults argument High
CVE-2026-35209 was published for defu (npm) Apr 4, 2026
Credited to BlackHatExploitation and kricsleo
@stablelib/cbor: Prototype poisoning via `__proto__` map keys in CBOR decoding High
GHSA-w48f-fwg7-ww6p was published for @stablelib/cbor (npm) Apr 4, 2026
Credited to Jvr2022
MikroORM has Prototype Pollution in Utils.merge High
CVE-2026-34221 was published for @mikro-orm/core (npm) Mar 29, 2026
Credited to lukas-eu
Prototype Pollution via parse() in NodeJS flatted High
CVE-2026-33228 was published for flatted (npm) Mar 19, 2026
Credited to yohannslm
Parse Server's Cloud function dispatch crashes server via prototype chain traversal High
CVE-2026-32886 was published for parse-server (npm) Mar 17, 2026
Credited to fancymalware and mtrezza
Credited to theinfosecguy and mtrezza
Immutable is vulnerable to Prototype Pollution High
CVE-2026-29063 was published for immutable (npm) Mar 4, 2026
Credited to davkharrr and FeBe95
AdonisJS multipart body parsing has Prototype Pollution issue High
CVE-2026-25754 was published for @adonisjs/bodyparser (npm) Feb 6, 2026
Credited to RomainLanz
seroval Affected by Prototype Pollution via JSON Deserialization High
CVE-2026-23736 was published for seroval (npm) Jan 21, 2026
Credited to lxsmnsyc and tweidinger
tRPC has possible prototype pollution in `experimental_nextAppDirCaller` High
CVE-2025-68130 was published for @trpc/server (npm) Dec 16, 2025
Credited to Pr00fOf3xpl0it
Vuetify has a Prototype Pollution vulnerability High
CVE-2025-8083 was published for vuetify (npm) Dec 12, 2025
expr-eval vulnerable to Prototype Pollution High
CVE-2025-13204 was published for expr-eval (npm) Nov 14, 2025
`sveltekit-superforms` has Prototype Pollution in `parseFormData` function of `formData.js` High
CVE-2025-62381 was published for sveltekit-superforms (npm) Oct 15, 2025
Credited to d-xuan
dref is vulnerable to prototype pollution High
CVE-2025-26278 was published for dref (npm) Sep 25, 2025
csvjson vulnerable to prototype injection High
CVE-2025-57318 was published for csvjson (npm) Sep 24, 2025
mpregular vulnerable to prototype pollution High
CVE-2025-57323 was published for mpregular (npm) Sep 24, 2025
devalue prototype pollution vulnerability High
CVE-2025-57820 was published for devalue (npm) Aug 26, 2025
Credited to apyatko, Rich-Harris, and dominikg
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE High
CVE-2025-55164 was published for content-security-policy-parser (npm) Aug 12, 2025
Credited to pnappa and EvanHahn
js-toml Prototype Pollution Vulnerability High
CVE-2025-54803 was published for js-toml (npm) Aug 4, 2025
Credited to siunam321
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE High
CVE-2025-34146 was published for @nyariv/sandboxjs (npm) Jul 31, 2025
Credited to JLLeitschuh
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS) High
CVE-2025-8101 was published for linkifyjs (npm) Jul 26, 2025
Credited to saip007 and caverav