GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,073
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,725 advisories
Filter by severity
XML External Entity (XXE) vulnerability in Square Retrofit
Critical
CVE-2018-1000844
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
Malicious Package in reqquest
Critical
GHSA-4jfq-q299-g4cr
was published
for
reqquest
(npm)
Sep 2, 2020
Malicious Package in reequest
Critical
GHSA-rw4r-h883-8pf9
was published
for
reequest
(npm)
Sep 2, 2020
Malicious Package in rrequest
Critical
GHSA-wc7q-qpm4-8pqv
was published
for
rrequest
(npm)
Sep 2, 2020
Malicious Package in hsf-clients
Critical
GHSA-g5q2-fcg9-j526
was published
for
hsf-clients
(npm)
Sep 3, 2020
Malicious Package in midway-dataproxy
Critical
GHSA-mq9h-cwc2-6j5r
was published
for
midway-dataproxy
(npm)
Sep 3, 2020
Malicious Package in maybemaliciouspackage
Critical
GHSA-m9r7-q9fc-qwx5
was published
for
maybemaliciouspackage
(npm)
Sep 3, 2020
SQL Injection in Kylin
Critical
CVE-2020-13926
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
Malicious Package in my-very-own-package
Critical
GHSA-crr2-ph72-c52g
was published
for
my-very-own-package
(npm)
Sep 3, 2020
Malicious Package in appx-compiler
Critical
GHSA-8q2c-2396-hf7j
was published
for
appx-compiler
(npm)
Sep 3, 2020
Malicious Package in requuest
Critical
GHSA-frxq-v7fm-m4pv
was published
for
requuest
(npm)
Sep 2, 2020
Malicious Package in reuest
Critical
GHSA-r863-p739-275c
was published
for
reuest
(npm)
Sep 11, 2020
Malicious Package in experss
Critical
GHSA-mmph-wp49-r48h
was published
for
experss
(npm)
Sep 2, 2020
Malicious Package in requestt
Critical
GHSA-2563-83p7-f34p
was published
for
requestt
(npm)
Sep 2, 2020
Malicious Package in qingting
Critical
GHSA-559q-92vx-xvjp
was published
for
qingting
(npm)
Sep 3, 2020
Malicious Package in node-buc
Critical
GHSA-x3m6-rprw-862w
was published
for
node-buc
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API