GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
164 advisories
Prototype Pollution via FormData Processing in Qwik City
Critical
CVE-2026-25150
was published
for
@builder.io/qwik-city
(npm)
Feb 3, 2026
locutus is vulnerable to Prototype Pollution
Critical
CVE-2026-25521
was published
for
locutus
(npm)
Feb 2, 2026
deepHas vulnerable to Prototype Pollution via constructor.prototype
Critical
CVE-2026-25047
was published
for
deephas
(npm)
Jan 29, 2026
Elysia vulnerable to prototype pollution with multiple standalone schema validation
Critical
CVE-2025-66456
was published
for
elysia
(npm)
Dec 9, 2025
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
Critical
CVE-2025-62410
was published
for
happy-dom
(npm)
Oct 15, 2025
billboard.js allows prototype pollution via the function generate
Critical
CVE-2025-49223
was published
for
billboard.js
(npm)
Jun 4, 2025
utils-extend Prototype Pollution
Critical
CVE-2024-57077
was published
for
utils-extend
(npm)
Feb 6, 2025
DOMPurify vulnerable to tampering by prototype polution
Critical
CVE-2024-48910
was published
for
dompurify
(npm)
Oct 31, 2024
ProTip!
Advisories are also available from the
GraphQL API