GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
21 advisories
Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties
Low
GHSA-mwv9-gp5h-frr4
was published
for
devalue
(npm)
Mar 12, 2026
OpenClaw's runtime /debug override path accepted prototype-reserved keys
Low
CVE-2026-27524
was published
for
openclaw
(npm)
Mar 3, 2026
devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed
Low
GHSA-8qm3-746x-r74r
was published
for
devalue
(npm)
Feb 19, 2026
rollbar vulnerable to prototype pollution
Low
CVE-2025-57325
was published
for
rollbar
(npm)
Oct 20, 2025
Withdrawn Advisory: fast-redact vulnerable to prototype pollution
Low
CVE-2025-57319
was published
for
fast-redact
(npm)
Sep 24, 2025
•
withdrawn
Duplicate Advisory: rollbar vulnerable to prototype pollution
Low
GHSA-m929-rg27-gj99
was published
for
rollbar
(npm)
Sep 24, 2025
•
withdrawn
min-document vulnerable to prototype pollution
Low
CVE-2025-57352
was published
for
min-document
(npm)
Sep 24, 2025
Prototype pollution in emit function
Low
GHSA-82jv-9wjw-pqh6
was published
for
derby
(npm)
Apr 17, 2024
ProTip!
Advisories are also available from the
GraphQL API