Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

382 advisories

Loading
Microsoft Exchange Server Remote Code Execution Vulnerability High Unreviewed
CVE-2021-26857 was published May 24, 2022
Withdrawn Advisory: mariadb was malware High
CVE-2017-16046 was published for mariadb (npm) Jul 18, 2018 withdrawn
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4... Critical Unreviewed
CVE-2023-2003 was published Jul 13, 2023
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The... Critical Unreviewed
CVE-2024-3094 was published Mar 29, 2024
Malicious Package in beffer-xor Critical
GHSA-7cvf-p83w-48q6 was published for beffer-xor (npm) Sep 3, 2020
mprpic
Malicious Package in another-date-range-picker Critical
GHSA-8rxg-9g6f-vq9p was published for another-date-range-picker (npm) Sep 1, 2020
Malicious Package in @impala/bmap Critical
GHSA-c82c-8pjw-6829 was published for @impala/bmap (npm) Sep 1, 2020
Malicious Package in another-date-picker Critical
GHSA-2p62-c4rm-mr72 was published for another-date-picker (npm) Sep 1, 2020
mprpic
sqlserver is malware High
CVE-2017-16055 was published for sqlserver (npm) Nov 9, 2018
tkinter is malware High
CVE-2017-16061 was published for tkinter (npm) Nov 1, 2018
cross-env.js is malware Moderate
CVE-2017-16081 was published for cross-env.js (npm) Sep 1, 2020
nodemssql is malware High
CVE-2017-16057 was published for nodemssql (npm) Nov 9, 2018
nodesqlite is malware High
CVE-2017-16049 was published for nodesqlite (npm) Jul 23, 2018
crossenv is malware High
CVE-2017-16074 was published for crossenv (npm) Aug 29, 2018
jquery.js is malware High
CVE-2017-16045 was published for jquery.js (npm) Jul 23, 2018
7h3Rabbit
mysqljs is malware High
CVE-2017-16047 was published for mysqljs (npm) Sep 1, 2020
mongose is malware High
CVE-2017-16077 was published for mongose (npm) Oct 10, 2018
coffescript is malware High
CVE-2017-16205 was published for coffescript (npm) Aug 6, 2018
node-opensl is malware High
CVE-2017-16063 was published for node-opensl (npm) Oct 3, 2018
smb is malware High
CVE-2017-16079 was published for smb (npm) Aug 29, 2018
npm-script-demo is malware Critical
CVE-2017-16128 was published for npm-script-demo (npm) Sep 1, 2020
node-sqlite is malware High
CVE-2017-16048 was published for node-sqlite (npm) Jul 23, 2018
nodecaffe is malware High
CVE-2017-16070 was published for nodecaffe (npm) Aug 29, 2018
gruntcli is malware High
CVE-2017-16058 was published for gruntcli (npm) Nov 9, 2018
babelcli is malware High
CVE-2017-16060 was published for babelcli (npm) Aug 29, 2018
ProTip! Advisories are also available from the GraphQL API