GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
22,038 advisories
Filter by severity
Malicious Package in requuest
Critical
GHSA-frxq-v7fm-m4pv
was published
for
requuest
(npm)
Sep 2, 2020
Malicious Package in colro-name
Critical
GHSA-jp9g-5x75-ccp8
was published
for
colro-name
(npm)
Sep 2, 2020
Malicious Package in tensorplow
Critical
GHSA-m2fp-c79h-rr79
was published
for
tensorplow
(npm)
Sep 2, 2020
Path Traversal in @wturyn/swagger-injector
Critical
GHSA-4x7w-frcq-v4m3
was published
for
@wturyn/swagger-injector
(npm)
Sep 3, 2020
Malicious Package in body-parse-xml
Critical
GHSA-jcmh-9fvm-j39w
was published
for
body-parse-xml
(npm)
Sep 3, 2020
Malicious Package in mogodb-core
Critical
GHSA-g4m3-rpxr-h7vg
was published
for
mogodb-core
(npm)
Sep 3, 2020
Malicious Package in erquest
Critical
GHSA-4pmg-jgm5-3jg6
was published
for
erquest
(npm)
Sep 2, 2020
Malicious Package in serializes
Critical
GHSA-j899-348x-h3rq
was published
for
serializes
(npm)
Sep 3, 2020
Malicious Package in sparkies
Critical
GHSA-c4fm-46gm-4469
was published
for
sparkies
(npm)
Sep 3, 2020
Path Traversal in swagger-injector
Critical
GHSA-v4x8-gw49-7hv4
was published
for
swagger-injector
(npm)
Sep 3, 2020
Malicious Package in discord.js-user
Critical
GHSA-69r6-7h4f-9p7q
was published
for
discord.js-user
(npm)
Sep 3, 2020
Malicious Package in font-scrubber
Critical
GHSA-65j7-66p7-9xgf
was published
for
font-scrubber
(npm)
Sep 2, 2020
Malicious Package in yeoman-genrator
Critical
GHSA-fm7r-2pr7-rw2p
was published
for
yeoman-genrator
(npm)
Sep 2, 2020
Malicious Package in koa-body-parse
Critical
GHSA-wqgq-mfvj-6qxp
was published
for
koa-body-parse
(npm)
Sep 3, 2020
Malicious Package in js-regular
Critical
GHSA-qcc9-q247-3m2m
was published
for
js-regular
(npm)
Sep 3, 2020
Malicious Package in js-base64-int
Critical
GHSA-76qf-6mvw-c5hm
was published
for
js-base64-int
(npm)
Sep 3, 2020
Malicious Package in evil-package
Critical
GHSA-p62r-jf56-h429
was published
for
evil-package
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API