GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Cross-Site Scripting in backbone
Moderate
CVE-2016-10537
was published
for
backbone
(npm)
Feb 18, 2019
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Moderate
CVE-2025-13465
was published
for
lodash
(npm)
Jan 21, 2026
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
Improper Validation and Sanitization in url-parse
Moderate
CVE-2020-8124
was published
for
url-parse
(npm)
Jan 6, 2022
Authorization bypass in url-parse
Moderate
CVE-2022-0512
was published
for
url-parse
(npm)
Feb 15, 2022
url-parse Incorrectly parses URLs that include an '@'
Moderate
CVE-2022-0639
was published
for
url-parse
(npm)
Feb 18, 2022
ProTip!
Advisories are also available from the
GraphQL API