GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4...
Critical
Unreviewed
CVE-2023-2003
was published
Jul 13, 2023
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The...
Critical
Unreviewed
CVE-2024-3094
was published
Mar 29, 2024
Malicious Package in beffer-xor
Critical
GHSA-7cvf-p83w-48q6
was published
for
beffer-xor
(npm)
Sep 3, 2020
Malicious Package in another-date-range-picker
Critical
GHSA-8rxg-9g6f-vq9p
was published
for
another-date-range-picker
(npm)
Sep 1, 2020
Malicious Package in @impala/bmap
Critical
GHSA-c82c-8pjw-6829
was published
for
@impala/bmap
(npm)
Sep 1, 2020
Malicious Package in another-date-picker
Critical
GHSA-2p62-c4rm-mr72
was published
for
another-date-picker
(npm)
Sep 1, 2020
npm-script-demo is malware
Critical
CVE-2017-16128
was published
for
npm-script-demo
(npm)
Sep 1, 2020
Malicious Package in eslint-scope
Critical
GHSA-hxxf-q3w9-4xgw
was published
for
eslint-config-eslint
(npm)
Jul 12, 2018
Malware in pre-build binaries of bignum
Critical
GHSA-7cgc-fjv4-52x6
was published
for
bignum
(npm)
May 24, 2023
Embedded Malicious Code in node-ipc
Critical
CVE-2022-23812
was published
for
node-ipc
(npm)
Mar 16, 2022
Critical severity vulnerability that affects event-stream and flatmap-stream
Critical
GHSA-mh6f-8j2x-4483
was published
for
event-stream
(npm)
Nov 26, 2018
Malicious npm package: discord-fix
Critical
GHSA-qv2g-99x4-45x6
was published
for
discord-fix
(npm)
Jan 29, 2021
Malicious npm package: sonatype
Critical
GHSA-w8fh-pvq2-x8c4
was published
for
sonatype
(npm)
Jan 29, 2021
Malicious code in `loadyaml`
Critical
GHSA-mfc2-93pr-jf92
was published
for
loadyaml
(npm)
Oct 1, 2020
Malicious Package in 1337qq-js
Critical
GHSA-7wgh-5q4q-6wx5
was published
for
1337qq-js
(npm)
Sep 4, 2020
Malicious Package in commandre
Critical
GHSA-r8hx-3qx6-hxq9
was published
for
commandre
(npm)
Sep 3, 2020
Malicious Package in crpyto-js
Critical
GHSA-73c6-vwjh-g3qh
was published
for
crpyto-js
(npm)
Sep 3, 2020
Malicious Package in hw-trnasport-u2f
Critical
GHSA-4363-x42f-xph6
was published
for
hw-trnasport-u2f
(npm)
Sep 3, 2020
Malicious Package in ripedm160
Critical
GHSA-9272-59x2-gwf2
was published
for
ripedm160
(npm)
Sep 3, 2020
Malicious Package in riped160
Critical
GHSA-rwcq-qpm6-7867
was published
for
riped160
(npm)
Sep 3, 2020
Malicious Package in wallet-address-validtaor
Critical
GHSA-pc7q-c837-3wjq
was published
for
wallet-address-validtaor
(npm)
Sep 3, 2020
Malicious Package in web3-eht
Critical
GHSA-29fh-xcjr-p7rx
was published
for
web3-eht
(npm)
Sep 3, 2020
Malicious npm package: an0n-chat-lib
Critical
GHSA-7xcv-wvr7-4h6p
was published
for
an0n-chat-lib
(npm)
Jan 29, 2021
ProTip!
Advisories are also available from the
GraphQL API