GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
31,885 advisories
Filter by severity
Malicious Package in donotinstallthis
Critical
GHSA-73hr-6785-f5p8
was published
for
donotinstallthis
(npm)
Sep 2, 2020
Malicious Package in destroyer-of-worlds
Critical
GHSA-w3f3-4j22-2v3p
was published
for
destroyer-of-worlds
(npm)
Sep 2, 2020
Malicious Package in uglyfi-js
Critical
GHSA-9xww-fwh9-95c5
was published
for
uglyfi-js
(npm)
Sep 2, 2020
Malicious Package in rpc-websocket
Critical
GHSA-x87g-rgrh-r6g3
was published
for
rpc-websocket
(npm)
Sep 3, 2020
Malicious Package in smartsearchwp
Critical
GHSA-fgp6-8g62-qx6w
was published
for
smartsearchwp
(npm)
Sep 3, 2020
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
False-positive validity for NFT1 genesis transactions
Critical
CVE-2020-15131
was published
for
slp-validate
(npm)
Jul 30, 2020
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
Cross-Site Scripting in swagger-ui
Critical
CVE-2016-1000226
was published
for
swagger-ui
(npm)
Sep 1, 2020
Malicious Package in nginxbeautifier
Critical
GHSA-28xx-8j99-m32j
was published
for
nginxbeautifier
(npm)
Sep 1, 2020
Malicious Package in cordova-plugin-china-picker
Critical
GHSA-x9gm-qxhh-rf75
was published
for
cordova-plugin-china-picker
(npm)
Sep 1, 2020
Malicious Package in blingjs
Critical
GHSA-hfc6-79wv-5hpw
was published
for
blingjs
(npm)
Sep 1, 2020
Malicious Package in angular-material-sidenav-rnd
Critical
GHSA-qmxf-fxq7-w59f
was published
for
angular-material-sidenav-rnd
(npm)
Sep 1, 2020
Malicious Package in soket.js
Critical
GHSA-x6gq-467r-hwcc
was published
for
soket.js
(npm)
Sep 1, 2020
XML External Entity (XXE) vulnerability in Square Retrofit
Critical
CVE-2018-1000844
was published
for
com.squareup.retrofit2:retrofit
(Maven)
Dec 21, 2018
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-19361
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Malicious Package in maybemaliciouspackage
Critical
GHSA-m9r7-q9fc-qwx5
was published
for
maybemaliciouspackage
(npm)
Sep 3, 2020
Malicious Package in my-very-own-package
Critical
GHSA-crr2-ph72-c52g
was published
for
my-very-own-package
(npm)
Sep 3, 2020
Malicious Package in hsf-clients
Critical
GHSA-g5q2-fcg9-j526
was published
for
hsf-clients
(npm)
Sep 3, 2020
SQL Injection in Kylin
Critical
CVE-2020-13926
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
ProTip!
Advisories are also available from the
GraphQL API