Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (npm) Jul 26, 2018
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (npm) Feb 7, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (npm) Jul 10, 2019
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (npm) Jul 19, 2019
mitchell-codecov
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (npm) Jul 15, 2020
mitchell-codecov jkmartindale
bengry greengeko tompazourek
Prototype Pollution in lodash.merge High
GHSA-h726-x36v-rx45 was published for lodash.merge (npm) Sep 3, 2020
Prototype Pollution in lodash.merge High
GHSA-2m96-9w4j-wgv7 was published for lodash.merge (npm) Sep 3, 2020
Prototype Pollution in lodash.defaultsdeep High
GHSA-h5mp-5q4p-ggf5 was published for lodash.defaultsdeep (npm) Sep 3, 2020
Prototype Pollution in lodash.mergewith High
GHSA-5947-m4fg-xhqg was published for lodash.mergewith (npm) Sep 3, 2020
Prototype Pollution in lodash.defaultsdeep High
GHSA-46fh-8fc5-xcwx was published for lodash.defaultsdeep (npm) Sep 3, 2020
Prototype Pollution in lodash.mergewith High
GHSA-779f-wgxg-qr8f was published for lodash.mergewith (npm) Sep 3, 2020
Command Injection in lodash High
CVE-2021-23337 was published for lodash (npm) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (npm) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale
Cross-Site-Scripting attack on `<RichTextField>` Moderate
CVE-2023-25572 was published for ra-ui-materialui (npm) Feb 14, 2023
daugsbi
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin Critical
CVE-2023-22621 was published for @strapi/plugin-email (npm) Apr 19, 2023
derrickmehaffy Ccamm
Convly
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
@75lb/deep-merge Prototype Pollution vulnerability High
CVE-2024-38986 was published for @75lb/deep-merge (npm) Jul 30, 2024
thewilkybarkid
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database