Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The... Moderate Unreviewed
CVE-2024-10938 was published Feb 27, 2026
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to... Moderate Unreviewed
CVE-2025-55556 was published Sep 25, 2025
MetaMask SDK indirectly exposed via malicious debug@4.4.2 dependency Moderate
GHSA-qj3p-xc97-xw74 was published for @metamask/sdk (npm) Sep 15, 2025
cross-env.js is malware Moderate
CVE-2017-16081 was published for cross-env.js (npm) Sep 1, 2020
Nodesass is malware Moderate
CVE-2017-16080 was published for nodesass (npm) Sep 1, 2020
Hijacked Environment Variables in proxy.js Moderate
CVE-2017-16076 was published for proxy.js (npm) Aug 29, 2018
Shadowsock is malware Moderate
CVE-2017-16078 was published for shadowsock (npm) Aug 27, 2018
jquey is malware Moderate
CVE-2017-16204 was published for jquey (npm) Aug 6, 2018
cofeescript is malware Moderate
CVE-2017-16202 was published for cofeescript (npm) Aug 6, 2018
sqlite.js is malware Moderate
CVE-2017-16050 was published for sqlite.js (npm) Jul 23, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database