GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
142 advisories
Filter by severity
windows-build-tools downloads Resources over HTTP
High
CVE-2017-16003
was published
for
windows-build-tools
(npm)
Nov 9, 2018
Downloads Resources over HTTP in node-bsdiff-android
High
CVE-2016-10641
was published
for
node-bsdiff-android
(npm)
Sep 18, 2018
apk-parser2 downloads Resources over HTTP
High
CVE-2016-10632
was published
for
apk-parser2
(npm)
Sep 18, 2018
Downloads Resources over HTTP in haxe3
High
CVE-2016-10688
was published
for
haxe3
(npm)
Aug 17, 2018
fis-sass-all downloads Resources over HTTP
High
CVE-2016-10686
was published
for
fis-sass-all
(npm)
Aug 17, 2018
Downloads Resources over HTTP in cmake
High
CVE-2016-10642
was published
for
cmake
(npm)
Aug 15, 2018
Downloads Resources over HTTP in jstestdriver
High
CVE-2016-10643
was published
for
jstestdriver
(npm)
Aug 15, 2018
slimerjs-edge downloads Resources over HTTP
High
CVE-2016-10644
was published
for
slimerjs-edge
(npm)
Aug 15, 2018
grunt-images downloads Resources over HTTP
High
CVE-2016-10645
was published
for
grunt-images
(npm)
Aug 15, 2018
Downloads Resources over HTTP in resourcehacker
High
CVE-2016-10646
was published
for
resourcehacker
(npm)
Aug 15, 2018
marionette-socket-host downloads Resources over HTTP
High
CVE-2016-10648
was published
for
marionette-socket-host
(npm)
Aug 15, 2018
Downloads Resources over HTTP in react-native-baidu-voice-synthesizer
High
CVE-2016-10697
was published
for
react-native-baidu-voice-synthesizer
(npm)
Jul 31, 2018
Downloads Resources over HTTP in alto-saxophone
High
CVE-2016-10694
was published
for
alto-saxophone
(npm)
Jul 31, 2018
windows-seleniumjar downloads Resources over HTTP
High
CVE-2016-10691
was published
for
windows-seleniumjar
(npm)
Jul 31, 2018
Downloads Resources over HTTP in mystem-fix
High
CVE-2016-10698
was published
for
mystem-fix
(npm)
Jul 27, 2018
hubl-server downloads resources over HTTP
High
CVE-2017-16035
was published
for
hubl-server
(npm)
Jul 24, 2018
ProTip!
Advisories are also available from the
GraphQL API