GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
10 advisories
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Moderate
CVE-2025-13465
was published
for
lodash
(npm)
Jan 21, 2026
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
Moderate
CVE-2025-15284
was published
for
qs
(npm)
Dec 30, 2025
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
url-parse Incorrectly parses URLs that include an '@'
Moderate
CVE-2022-0639
was published
for
url-parse
(npm)
Feb 18, 2022
Authorization bypass in url-parse
Moderate
CVE-2022-0512
was published
for
url-parse
(npm)
Feb 15, 2022
Improper Validation and Sanitization in url-parse
Moderate
CVE-2020-8124
was published
for
url-parse
(npm)
Jan 6, 2022
Cross-Site Scripting in backbone
Moderate
CVE-2016-10537
was published
for
backbone
(npm)
Feb 18, 2019
ProTip!
Advisories are also available from the
GraphQL API