Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

38 advisories

Loading
Entropy Backdoor in text-qrcode High
GHSA-h5vj-f7r9-w564 was published for text-qrcode (npm) Sep 1, 2020
lodahs is malware High
CVE-2019-19771 was published for lodahs (npm) Dec 16, 2019
node-fabric is malware High
CVE-2017-16052 was published for node-fabric (npm) Jul 23, 2018
coffe-script is malware High
CVE-2017-16203 was published for coffe-script (npm) Aug 6, 2018
fabric-js is malware High
CVE-2017-16053 was published for fabric-js (npm) Jul 23, 2018
opencv.js is malware High
CVE-2017-16066 was published for opencv.js (npm) Aug 29, 2018
noderequest is malware High
CVE-2017-16073 was published for noderequest (npm) Sep 17, 2018
ffmepg is malware High
CVE-2017-16068 was published for ffmepg (npm) Aug 29, 2018
sqliter is malware High
CVE-2017-16051 was published for sqliter (npm) Jul 23, 2018
nodemailer-js is malware High
CVE-2017-16071 was published for nodemailer-js (npm) Aug 29, 2018
node-openssl is malware High
CVE-2017-16064 was published for node-openssl (npm) Oct 10, 2018
openssl.js is malware High
CVE-2017-16065 was published for openssl.js (npm) Aug 29, 2018
mssql-node is malware High
CVE-2017-16059 was published for mssql-node (npm) Nov 9, 2018
nodefabric is malware High
CVE-2017-16054 was published for nodefabric (npm) Jul 23, 2018
nodemailer.js is malware High
CVE-2017-16072 was published for nodemailer.js (npm) Aug 29, 2018
discordi.js is malware High
CVE-2017-16207 was published for discordi.js (npm) Aug 6, 2018
node-opencv is malware High
CVE-2017-16067 was published for node-opencv (npm) Aug 29, 2018
mssql.js is malware High
CVE-2017-16056 was published for mssql.js (npm) Nov 9, 2018
node-tkinter is malware High
CVE-2017-16062 was published for node-tkinter (npm) Nov 1, 2018
d3.js is malware High
CVE-2017-16044 was published for d3.js (npm) Jul 23, 2018
nodeffmpeg is malware High
CVE-2017-16069 was published for nodeffmpeg (npm) Aug 29, 2018
http-proxy.js is malware High
CVE-2017-16075 was published for http-proxy.js (npm) Aug 29, 2018
babelcli is malware High
CVE-2017-16060 was published for babelcli (npm) Aug 29, 2018
gruntcli is malware High
CVE-2017-16058 was published for gruntcli (npm) Nov 9, 2018
nodecaffe is malware High
CVE-2017-16070 was published for nodecaffe (npm) Aug 29, 2018
ProTip! Advisories are also available from the GraphQL API