Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

333 advisories

Loading
Malicious Package in eslint-scope Critical
GHSA-hxxf-q3w9-4xgw was published for eslint-config-eslint (npm) Jul 12, 2018
volkdm
Critical severity vulnerability that affects event-stream and flatmap-stream Critical
GHSA-mh6f-8j2x-4483 was published for event-stream (npm) Nov 26, 2018
npm-script-demo is malware Critical
CVE-2017-16128 was published for npm-script-demo (npm) Sep 1, 2020
Malicious Package in @impala/bmap Critical
GHSA-c82c-8pjw-6829 was published for @impala/bmap (npm) Sep 1, 2020
Malicious Package in angular-bmap Critical
GHSA-w8hg-mxvh-9h57 was published for angular-bmap (npm) Sep 1, 2020
Malicious Package in angular-material-sidenav-rnd Critical
GHSA-qmxf-fxq7-w59f was published for angular-material-sidenav-rnd (npm) Sep 1, 2020
Malicious Package in another-date-picker Critical
GHSA-2p62-c4rm-mr72 was published for another-date-picker (npm) Sep 1, 2020
mprpic
Malicious Package in another-date-range-picker Critical
GHSA-8rxg-9g6f-vq9p was published for another-date-range-picker (npm) Sep 1, 2020
Malicious Package in awesome_react_utility Critical
GHSA-m25q-fwg4-9v2p was published for awesome_react_utility (npm) Sep 1, 2020
Malicious Package in blingjs Critical
GHSA-hfc6-79wv-5hpw was published for blingjs (npm) Sep 1, 2020
Malicious Package in codify Critical
GHSA-2q6w-rxf3-4wc9 was published for codify (npm) Sep 1, 2020
Malicious Package in cordova-plugin-china-picker Critical
GHSA-x9gm-qxhh-rf75 was published for cordova-plugin-china-picker (npm) Sep 1, 2020
Malicious Package in dynamo-schema Critical
GHSA-vp8g-53fw-r9f2 was published for dynamo-schema (npm) Sep 1, 2020
Malicious Package in dossier Critical
GHSA-c8h6-89q2-mgv8 was published for dossier (npm) Sep 1, 2020
Malicious Package in impala Critical
GHSA-92px-q4w8-hrr5 was published for impala (npm) Sep 1, 2020
Malicious Package in freshdom Critical
GHSA-8qm2-24qc-c4qg was published for freshdom (npm) Sep 1, 2020
Malicious Package in json-serializer Critical
GHSA-7xfq-xh6v-4mrm was published for json-serializer (npm) Sep 1, 2020
Malicious Package in nginxbeautifier Critical
GHSA-28xx-8j99-m32j was published for nginxbeautifier (npm) Sep 1, 2020
Malicious Package in getcookies Critical
GHSA-3cjv-4phw-gvvv was published for getcookies (npm) Sep 1, 2020
Malicious Package in nothing-js Critical
GHSA-353r-3v84-9pjj was published for nothing-js (npm) Sep 1, 2020
Malicious Package in ladder-text-js Critical
GHSA-33gc-f8v9-v8hm was published for ladder-text-js (npm) Sep 1, 2020
Malicious Package in eslint-config-airbnb-standard Critical
GHSA-m852-866j-69j8 was published for eslint-config-airbnb-standard (npm) Sep 1, 2020
Malicious Package in boogeyman Critical
GHSA-9hc2-w9gg-q6jw was published for boogeyman (npm) Sep 1, 2020
Malicious Package in axois Critical
GHSA-wpfc-3w63-g4hm was published for axois (npm) Sep 1, 2020
Malicious Package in regenrator Critical
GHSA-m5p4-7wf9-6w99 was published for regenrator (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API