Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Loading
Malicious Package in buffer-xob Critical
GHSA-gpg2-7r7j-4pm9 was published for buffer-xob (npm) Sep 3, 2020
Malicious Package in buffes-xor Critical
GHSA-28f4-mjfq-qrvf was published for buffes-xor (npm) Sep 3, 2020
Malicious Package in file-logging Critical
GHSA-wwwg-6r7f-9c9h was published for file-logging (npm) Sep 3, 2020
Malicious Package in comander Critical
GHSA-4xg9-g7qj-jhg4 was published for comander (npm) Sep 3, 2020
Malicious Package in btffer-xor Critical
GHSA-8hrq-9wm7-v3jw was published for btffer-xor (npm) Sep 3, 2020
Malicious Package in mysql-koa Critical
GHSA-x45v-pvpg-hcrh was published for mysql-koa (npm) Sep 3, 2020
Malicious Package in 8.9.4 Critical
GHSA-725f-3pw7-rq6x was published for 8.9.4 (npm) Sep 3, 2020
Malicious Package in ali-contributors Critical
GHSA-8m5v-f2wp-wqr9 was published for ali-contributors (npm) Sep 3, 2020
Malicious Package in alico Critical
GHSA-jfx5-7mr2-g8hg was published for alico (npm) Sep 3, 2020
Malicious Package in cage-js Critical
GHSA-jf8x-wg7f-p3w8 was published for cage-js (npm) Sep 3, 2020
Malicious Package in nodes.js Critical
GHSA-38vq-cjh5-vw7x was published for nodes.js (npm) Sep 3, 2020
Malicious Package in deasyncp Critical
GHSA-qfc9-x7gv-27jr was published for deasyncp (npm) Sep 3, 2020
Malicious Package in river-mock Critical
GHSA-2h3x-95c6-885r was published for river-mock (npm) Sep 3, 2020
Malicious Package in diamond-clien Critical
GHSA-86gv-xpwv-jprc was published for diamond-clien (npm) Sep 3, 2020
Malicious Package in alipayjsapi Critical
GHSA-rjhc-w3fj-j6x9 was published for alipayjsapi (npm) Sep 3, 2020
Malicious Package in react-datepicker-plus Critical
GHSA-4wcx-c9c4-89p2 was published for react-datepicker-plus (npm) Sep 11, 2020
Malicious Package in vue-backbone Critical
GHSA-5635-9mvj-r6hp was published for vue-backbone (npm) Sep 3, 2020
Malicious code in `electorn` Critical
GHSA-38hx-3542-8fh3 was published for electorn (npm) Oct 1, 2020
Malicious Package in equest Critical
GHSA-mvch-rh6h-2m47 was published for equest (npm) Sep 11, 2020
Malicious Package in carloprojectdiscord Critical
GHSA-9rwj-8mh9-4876 was published for carloprojectdiscord (npm) Sep 2, 2020
Malicious Package in reques Critical
GHSA-g8jc-mm3c-cwhj was published for reques (npm) Sep 2, 2020
Malicious Package in whiteproject Critical
GHSA-8j7x-pr59-m5h8 was published for whiteproject (npm) Sep 2, 2020
Malicious Package in blubird Critical
GHSA-rvww-x6m4-4vc2 was published for blubird (npm) Sep 11, 2020
Malicious Package in requesst Critical
GHSA-6c37-2rw5-9j7x was published for requesst (npm) Sep 2, 2020
Malicious Package in 4equest Critical
GHSA-p33q-w45h-2hcj was published for 4equest (npm) Sep 2, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database