GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,552
Composer 4,457
Erlang 33
GitHub Actions 22
Go 2,154
Maven 5,337
npm 3,818
NuGet 693
pip 3,496
Pub 12
RubyGems 902
Rust 903
Swift 38

Unreviewed advisories

All unreviewed 247,037

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

63 advisories

Filter by severity

Sort by

Least recently updated

Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and... Critical Unreviewed

CVE-2025-25015 was published Mar 5, 2025

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce... Moderate Unreviewed

CVE-2024-11628 was published Feb 12, 2025

In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or... Moderate Unreviewed

CVE-2024-12629 was published Feb 12, 2025

A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers... High Unreviewed

CVE-2024-57081 was published Feb 6, 2025

A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a... High Unreviewed

CVE-2024-57076 was published Feb 6, 2025

A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to... High Unreviewed

CVE-2024-57084 was published Feb 6, 2025

A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a... High Unreviewed

CVE-2024-57074 was published Feb 6, 2025

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers... High Unreviewed

CVE-2024-57085 was published Feb 6, 2025

A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a... High Unreviewed

CVE-2024-57078 was published Feb 6, 2025

A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows... High Unreviewed

CVE-2024-57086 was published Feb 6, 2025

A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause... High Unreviewed

CVE-2024-57071 was published Feb 6, 2025

A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a... High Unreviewed

CVE-2024-57065 was published Feb 6, 2025

A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a... High Unreviewed

CVE-2024-57069 was published Feb 6, 2025

A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause... High Unreviewed

CVE-2024-57063 was published Feb 6, 2025

A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a... High Unreviewed

CVE-2024-57067 was published Feb 6, 2025

A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows... High Unreviewed

CVE-2024-57064 was published Feb 6, 2025

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')... Critical Unreviewed

CVE-2024-56059 was published Dec 18, 2024

In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype... Moderate Unreviewed

CVE-2024-54156 was published Dec 4, 2024

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')... Critical Unreviewed

CVE-2024-52441 was published Nov 20, 2024

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Critical Unreviewed

CVE-2024-45435 was published Aug 29, 2024

A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML... Critical Unreviewed

CVE-2024-37287 was published Aug 13, 2024

Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary... Critical Unreviewed

CVE-2024-38983 was published Jul 30, 2024

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code... Critical Unreviewed

CVE-2024-39011 was published Jul 30, 2024

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code... Critical Unreviewed

CVE-2024-38984 was published Jul 30, 2024

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause... Critical Unreviewed

CVE-2024-36572 was published Jul 30, 2024

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

63 advisories