GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
333 advisories
Filter by severity
Malicious Package in beffer-xor
Critical
GHSA-7cvf-p83w-48q6
was published
for
beffer-xor
(npm)
Sep 3, 2020
Malicious Package in another-date-range-picker
Critical
GHSA-8rxg-9g6f-vq9p
was published
for
another-date-range-picker
(npm)
Sep 1, 2020
Malicious Package in @impala/bmap
Critical
GHSA-c82c-8pjw-6829
was published
for
@impala/bmap
(npm)
Sep 1, 2020
Malicious Package in another-date-picker
Critical
GHSA-2p62-c4rm-mr72
was published
for
another-date-picker
(npm)
Sep 1, 2020
npm-script-demo is malware
Critical
CVE-2017-16128
was published
for
npm-script-demo
(npm)
Sep 1, 2020
Malicious Package in eslint-scope
Critical
GHSA-hxxf-q3w9-4xgw
was published
for
eslint-config-eslint
(npm)
Jul 12, 2018
Malware in pre-build binaries of bignum
Critical
GHSA-7cgc-fjv4-52x6
was published
for
bignum
(npm)
May 24, 2023
Embedded Malicious Code in node-ipc
Critical
CVE-2022-23812
was published
for
node-ipc
(npm)
Mar 16, 2022
Critical severity vulnerability that affects event-stream and flatmap-stream
Critical
GHSA-mh6f-8j2x-4483
was published
for
event-stream
(npm)
Nov 26, 2018
Malicious npm package: discord-fix
Critical
GHSA-qv2g-99x4-45x6
was published
for
discord-fix
(npm)
Jan 29, 2021
Malicious npm package: sonatype
Critical
GHSA-w8fh-pvq2-x8c4
was published
for
sonatype
(npm)
Jan 29, 2021
Malicious code in `loadyaml`
Critical
GHSA-mfc2-93pr-jf92
was published
for
loadyaml
(npm)
Oct 1, 2020
Malicious Package in 1337qq-js
Critical
GHSA-7wgh-5q4q-6wx5
was published
for
1337qq-js
(npm)
Sep 4, 2020
Malicious Package in wallet-address-validtaor
Critical
GHSA-pc7q-c837-3wjq
was published
for
wallet-address-validtaor
(npm)
Sep 3, 2020
Malicious Package in hw-trnasport-u2f
Critical
GHSA-4363-x42f-xph6
was published
for
hw-trnasport-u2f
(npm)
Sep 3, 2020
Malicious Package in commandre
Critical
GHSA-r8hx-3qx6-hxq9
was published
for
commandre
(npm)
Sep 3, 2020
Malicious Package in riped160
Critical
GHSA-rwcq-qpm6-7867
was published
for
riped160
(npm)
Sep 3, 2020
Malicious Package in bs58chcek
Critical
GHSA-97mp-9g5c-6c93
was published
for
bs58chcek
(npm)
Sep 4, 2020
Malicious Package in web3-eht
Critical
GHSA-29fh-xcjr-p7rx
was published
for
web3-eht
(npm)
Sep 3, 2020
Malicious npm package: an0n-chat-lib
Critical
GHSA-7xcv-wvr7-4h6p
was published
for
an0n-chat-lib
(npm)
Jan 29, 2021
Malicious Package in crpyto-js
Critical
GHSA-73c6-vwjh-g3qh
was published
for
crpyto-js
(npm)
Sep 3, 2020
Malicious Package in ripedm160
Critical
GHSA-9272-59x2-gwf2
was published
for
ripedm160
(npm)
Sep 3, 2020
Malicious Package in babel-laoder
Critical
GHSA-qp6m-jqfr-2f7v
was published
for
babel-laoder
(npm)
Sep 4, 2020
ProTip!
Advisories are also available from the
GraphQL API