Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Loading
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4... Critical Unreviewed
CVE-2023-2003 was published Jul 13, 2023
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The... Critical Unreviewed
CVE-2024-3094 was published Mar 29, 2024
Malicious Package in beffer-xor Critical
GHSA-7cvf-p83w-48q6 was published for beffer-xor (npm) Sep 3, 2020
mprpic
Malicious Package in another-date-range-picker Critical
GHSA-8rxg-9g6f-vq9p was published for another-date-range-picker (npm) Sep 1, 2020
Malicious Package in @impala/bmap Critical
GHSA-c82c-8pjw-6829 was published for @impala/bmap (npm) Sep 1, 2020
Malicious Package in another-date-picker Critical
GHSA-2p62-c4rm-mr72 was published for another-date-picker (npm) Sep 1, 2020
mprpic
npm-script-demo is malware Critical
CVE-2017-16128 was published for npm-script-demo (npm) Sep 1, 2020
Malicious Package in eslint-scope Critical
GHSA-hxxf-q3w9-4xgw was published for eslint-config-eslint (npm) Jul 12, 2018
volkdm
Malware in pre-build binaries of bignum Critical
GHSA-7cgc-fjv4-52x6 was published for bignum (npm) May 24, 2023
calebbrown rvagg
Embedded Malicious Code in node-ipc Critical
CVE-2022-23812 was published for node-ipc (npm) Mar 16, 2022
Embedded malware in rc Critical
GHSA-g2q5-5433-rhrf was published for rc (npm) Nov 4, 2021
Critical severity vulnerability that affects event-stream and flatmap-stream Critical
GHSA-mh6f-8j2x-4483 was published for event-stream (npm) Nov 26, 2018
Embedded malware in coa Critical
GHSA-73qr-pfmq-6rp8 was published for coa (npm) Nov 4, 2021
Malicious npm package: sonatype Critical
GHSA-w8fh-pvq2-x8c4 was published for sonatype (npm) Jan 29, 2021
Malicious npm package: discord-fix Critical
GHSA-qv2g-99x4-45x6 was published for discord-fix (npm) Jan 29, 2021
Malicious code in `loadyaml` Critical
GHSA-mfc2-93pr-jf92 was published for loadyaml (npm) Oct 1, 2020
Malicious Package in 1337qq-js Critical
GHSA-7wgh-5q4q-6wx5 was published for 1337qq-js (npm) Sep 4, 2020
Malicious Package in wallet-address-validtaor Critical
GHSA-pc7q-c837-3wjq was published for wallet-address-validtaor (npm) Sep 3, 2020
Malicious Package in bs58chcek Critical
GHSA-97mp-9g5c-6c93 was published for bs58chcek (npm) Sep 4, 2020
Malicious Package in ripedm160 Critical
GHSA-9272-59x2-gwf2 was published for ripedm160 (npm) Sep 3, 2020
Malicious Package in riped160 Critical
GHSA-rwcq-qpm6-7867 was published for riped160 (npm) Sep 3, 2020
Malicious Package in web3-eht Critical
GHSA-29fh-xcjr-p7rx was published for web3-eht (npm) Sep 3, 2020
Malicious Package in commandre Critical
GHSA-r8hx-3qx6-hxq9 was published for commandre (npm) Sep 3, 2020
Malicious Package in crpyto-js Critical
GHSA-73c6-vwjh-g3qh was published for crpyto-js (npm) Sep 3, 2020
Malicious npm package: an0n-chat-lib Critical
GHSA-7xcv-wvr7-4h6p was published for an0n-chat-lib (npm) Jan 29, 2021
ProTip! Advisories are also available from the GraphQL API