GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
460 advisories
utils-extend Prototype Pollution
Critical
CVE-2024-57077
was published
for
utils-extend
(npm)
Feb 6, 2025
devalue prototype pollution vulnerability
High
CVE-2025-57820
was published
for
devalue
(npm)
Aug 26, 2025
Prototype Pollution in lodash
Critical
CVE-2019-10744
was published
for
lodash
(RubyGems)
Jul 10, 2019
Prototype Pollution in lodash
Moderate
CVE-2018-3721
was published
for
lodash
(RubyGems)
Jul 26, 2018
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE
High
CVE-2025-55164
was published
for
content-security-policy-parser
(npm)
Aug 12, 2025
js-toml Prototype Pollution Vulnerability
High
CVE-2025-54803
was published
for
js-toml
(npm)
Aug 4, 2025
@stryker-mutator/util vulnerable to Prototype Pollution
High
CVE-2024-57085
was published
for
@stryker-mutator/util
(npm)
Feb 6, 2025
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
High
CVE-2025-34146
was published
for
@nyariv/sandboxjs
(npm)
Jul 31, 2025
billboard.js allows prototype pollution via the function generate
Critical
CVE-2025-49223
was published
for
billboard.js
(npm)
Jun 4, 2025
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)
High
CVE-2025-8101
was published
for
linkifyjs
(npm)
Jul 26, 2025
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Moderate
CVE-2024-21548
was published
for
bun
(npm)
Dec 18, 2024
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
High
CVE-2023-45811
was published
for
deobfuscator
(npm)
Oct 18, 2023
@pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation
Moderate
CVE-2025-53626
was published
for
@pdfme/common
(npm)
Jul 10, 2025
hoek subject to prototype pollution via the clone function.
High
CVE-2020-36604
was published
for
@hapi/hoek
(npm)
Sep 25, 2022
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Moderate
CVE-2025-48054
was published
for
radashi
(npm)
May 27, 2025
ProTip!
Advisories are also available from the
GraphQL API