Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27 advisories

Loading
Remote Code Execution via Script (Python) objects under Python 3 High
CVE-2021-32811 was published for Zope (pip) Aug 5, 2021
Prototype Pollution in immer High
CVE-2021-3757 was published for immer (npm) Sep 7, 2021
levpachmanov
Prototype Pollution in merge High
CVE-2020-28499 was published for merge (npm) May 4, 2021
Class destructors causing side-effects when being unserialized in TYPO3 CMS High
CVE-2020-11066 was published for typo3/cms (Composer) May 13, 2020
ohader
Phar object injection in PHPMailer High
CVE-2018-19296 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Prototype Pollution in y18n High
CVE-2020-7774 was published for y18n (npm) Mar 29, 2021
Prototype Pollution in object-path High
CVE-2021-3805 was published for object-path (npm) Sep 20, 2021
kurt-r2c
Prototype Pollution in node-forge High
CVE-2020-7720 was published for node-forge (npm) Sep 14, 2020
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User High
CVE-2023-32079 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs High
CVE-2020-7679 was published for casperjs (npm) May 17, 2021
Prototype Pollution in record-like-deep-assign High
CVE-2021-23402 was published for record-like-deep-assign (npm) Dec 10, 2021
sqlite vulnerable to code execution due to Object coercion High
CVE-2022-43441 was published for sqlite3 (npm) Mar 13, 2023
Prototype Pollution in think-helper High
CVE-2021-32736 was published for think-helper (npm) Jul 1, 2021
yoshino-s
Prototype Pollution in Dynamoose High
CVE-2021-21304 was published for dynamoose (npm) Feb 8, 2021
Prototype Pollution in Node-Red High
CVE-2021-21297 was published for @node-red/runtime (npm) Feb 26, 2021
body-parser-xml vulnerable to Prototype Pollution High
CVE-2021-3666 was published for body-parser-xml (npm) Sep 14, 2021
Prototype pollution in chart.js High
CVE-2020-7746 was published for chart.js (npm) May 10, 2021
Prototype pollution in grpc and @grpc/grpc-js High
CVE-2020-7768 was published for @grpc/grpc-js (npm) May 10, 2021
assign-deep Vulnerable to Prototype Pollution High
CVE-2019-10745 was published for assign-deep (npm) Aug 21, 2019
Prototype Pollution in x-assign High
CVE-2021-23452 was published for x-assign (npm) Oct 21, 2021
Prototype Pollution in angular High
CVE-2019-10768 was published for angular (npm) Nov 20, 2019
Uncontrolled Resource Consumption in fun-map High
CVE-2020-7644 was published for fun-map (npm) Dec 10, 2021
Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify High
CVE-2019-10808 was published for utilitify (npm) May 7, 2021
Prototype Pollution in cookiex/deep High
CVE-2021-23442 was published for @cookiex/deep (npm) Sep 20, 2021
Prototype Pollution in deepmerge-ts High
CVE-2022-24802 was published for deepmerge-ts (npm) Apr 1, 2022
ProTip! Advisories are also available from the GraphQL API