Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,804
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,007
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

382 advisories

Hijacked Environment Variables in proxy.js Moderate
CVE-2017-16076 was published for proxy.js (npm) Aug 29, 2018
Malicious Package in dossier Critical
GHSA-c8h6-89q2-mgv8 was published for dossier (npm) Sep 1, 2020
Malicious Package in regenrator Critical
GHSA-m5p4-7wf9-6w99 was published for regenrator (npm) Sep 1, 2020
Malicious Package in commander-js Critical
GHSA-2hqf-qqmq-pgpp was published for commander-js (npm) Sep 2, 2020
Malicious Package in asnc Critical
GHSA-2p99-6f47-8x9j was published for asnc (npm) Sep 2, 2020
Malicious Package in eact Critical
GHSA-pmgv-94f5-6w7w was published for eact (npm) Sep 2, 2020
Malicious Package in jajajejejiji Critical
GHSA-rggq-f2wf-m6cp was published for jajajejejiji (npm) Sep 2, 2020
Malicious Package in commnader Critical
GHSA-855m-jchh-9qjc was published for commnader (npm) Sep 2, 2020
Malicious Package in wepack-cli Critical
GHSA-fpw3-x4xq-6vxq was published for wepack-cli (npm) Sep 2, 2020
Malicious Package in asinc Critical
GHSA-87qw-7v97-w34r was published for asinc (npm) Sep 2, 2020
Malicious Package in asynnc Critical
GHSA-5fm9-jmv7-fcx5 was published for asynnc (npm) Sep 2, 2020
Malicious Package in requets Critical
GHSA-f3pc-c2gf-hvgw was published for requets (npm) Sep 2, 2020
Malicious Package in carloprojectlesang Critical
GHSA-qj2g-642f-4jrv was published for carloprojectlesang (npm) Sep 2, 2020
Malicious Package in destroyer-of-worlds Critical
GHSA-w3f3-4j22-2v3p was published for destroyer-of-worlds (npm) Sep 2, 2020
Malicious Package in uglyfi-js Critical
GHSA-9xww-fwh9-95c5 was published for uglyfi-js (npm) Sep 2, 2020
Malicious Package in requst Critical
GHSA-8qx4-r7fx-xc4v was published for requst (npm) Sep 11, 2020
Malicious Package in requset Critical
GHSA-w7wg-24g3-2c78 was published for requset (npm) Sep 2, 2020
Malicious Package in colour-string Critical
GHSA-8mmf-qp7j-2w24 was published for colour-string (npm) Sep 2, 2020
Malicious Package in donotinstallthis Critical
GHSA-73hr-6785-f5p8 was published for donotinstallthis (npm) Sep 2, 2020
Malicious Package in require-ports Critical
GHSA-qj3g-wfr7-3cv7 was published for require-ports (npm) Sep 2, 2020
Malicious Package in rimrafall Critical
GHSA-8hq2-fcqm-39hq was published for rimrafall (npm) Sep 2, 2020
Malicious Package in commmander Critical
GHSA-q42c-rrp3-r3xm was published for commmander (npm) Sep 11, 2020
Malicious Package in rpc-websocket Critical
GHSA-x87g-rgrh-r6g3 was published for rpc-websocket (npm) Sep 3, 2020
Malicious Package in smartsearchwp Critical
GHSA-fgp6-8g62-qx6w was published for smartsearchwp (npm) Sep 3, 2020
Malicious Package in blingjs Critical
GHSA-hfc6-79wv-5hpw was published for blingjs (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API