GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,133
Pub
10
RubyGems
838
Rust
792
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,961 advisories
Filter by severity
Malicious Package in reuest
Critical
GHSA-r863-p739-275c
was published
for
reuest
(npm)
Sep 11, 2020
Malicious Package in maybemaliciouspackage
Critical
GHSA-m9r7-q9fc-qwx5
was published
for
maybemaliciouspackage
(npm)
Sep 3, 2020
Malicious Package in appx-compiler
Critical
GHSA-8q2c-2396-hf7j
was published
for
appx-compiler
(npm)
Sep 3, 2020
Malicious Package in hsf-clients
Critical
GHSA-g5q2-fcg9-j526
was published
for
hsf-clients
(npm)
Sep 3, 2020
Malicious Package in qingting
Critical
GHSA-559q-92vx-xvjp
was published
for
qingting
(npm)
Sep 3, 2020
Malicious Package in load-from-cwd-or-npm
Critical
GHSA-jxf5-7x3j-8j9m
was published
for
load-from-cwd-or-npm
(npm)
Sep 3, 2020
Malicious Package in reequest
Critical
GHSA-rw4r-h883-8pf9
was published
for
reequest
(npm)
Sep 2, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-19361
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Malicious Package in soket.js
Critical
GHSA-x6gq-467r-hwcc
was published
for
soket.js
(npm)
Sep 1, 2020
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
XML External Entity (XXE) vulnerability in Square Retrofit
Critical
CVE-2018-1000844
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
Malicious Package in angular-material-sidenav-rnd
Critical
GHSA-qmxf-fxq7-w59f
was published
for
angular-material-sidenav-rnd
(npm)
Sep 1, 2020
Malicious Package in cordova-plugin-china-picker
Critical
GHSA-x9gm-qxhh-rf75
was published
for
cordova-plugin-china-picker
(npm)
Sep 1, 2020
Malicious Package in blingjs
Critical
GHSA-hfc6-79wv-5hpw
was published
for
blingjs
(npm)
Sep 1, 2020
Malicious Package in nginxbeautifier
Critical
GHSA-28xx-8j99-m32j
was published
for
nginxbeautifier
(npm)
Sep 1, 2020
Cross-Site Scripting in swagger-ui
Critical
CVE-2016-1000226
was published
for
swagger-ui
(npm)
Sep 1, 2020
False-positive validity for NFT1 genesis transactions
Critical
CVE-2020-15131
was published
for
slp-validate
(npm)
Jul 30, 2020
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
ProTip!
Advisories are also available from the
GraphQL API