Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

417 advisories

Loading
xygeni-action v5 tag poisoned with C2 backdoor Critical
CVE-2026-31976 was published for xygeni/xygeni-action (GitHub Actions) Mar 11, 2026
Nick2bad4u Credited to Nick2bad4u
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The... Moderate Unreviewed
CVE-2024-10938 was published Feb 27, 2026
`polymarket-client-sdks` was removed from crates.io for malicious code Critical
GHSA-p5vf-5754-x7p3 was published for polymarket-client-sdks (Rust) Feb 13, 2026
`sha-rst` was removed from crates.io for malicious code Critical
GHSA-vgr2-r5hm-f6gf was published for sha-rst (Rust) Feb 12, 2026
`finch_cli_rust` was removed from crates.io for malicious code Critical
GHSA-6v2j-vr4h-f632 was published for finch_cli_rust (Rust) Feb 12, 2026
`finch-rst` was removed from crates.io for malicious code Critical
GHSA-xp79-9mxw-878j was published for finch-rst (Rust) Feb 12, 2026
A single post-release of dydx-v4-client contained obfuscated multi-stage loader Critical
GHSA-4f84-67cv-qrv3 was published for dydx-v4-client (pip) Feb 6, 2026
eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code High
CVE-2025-54313 was published for @pkgr/core (npm) Jul 19, 2025
Pradoxzon Credited to Pradoxzon
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with... Critical Unreviewed
CVE-2025-59374 was published Dec 17, 2025
Multiple Reviewdog actions were compromised during a specific time period High
CVE-2025-30154 was published for reviewdog/action-setup (GitHub Actions) Mar 19, 2025
sshayb Credited to sshayb and ramimac ramimac ramimac
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. High
CVE-2025-30066 was published for tj-actions/changed-files (GitHub Actions) Mar 15, 2025
varunsh-coder Credited to varunsh-coder
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is... High Unreviewed
CVE-2024-4978 was published May 23, 2024
Rails is bad High Unreviewed
CVE-2021-26857 was published May 24, 2022
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious... Critical Unreviewed
CVE-2018-25117 was published Oct 15, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,... Critical Unreviewed
CVE-2017-20203 was published Oct 9, 2025
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and... Critical Unreviewed
CVE-2017-20202 was published Oct 9, 2025
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry... Critical Unreviewed
CVE-2017-20201 was published Oct 9, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,... Critical Unreviewed
CVE-2025-34252 was published Oct 7, 2025
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to... Moderate Unreviewed
CVE-2025-55556 was published Sep 25, 2025
Malicious versions of Nx were published Critical
CVE-2025-10894 was published for @nx/devkit (npm) Aug 27, 2025
jahredhope Credited to jahredhope, tadhglewis, hckhanh, and TimShilov tadhglewis tadhglewis
hckhanh hckhanh TimShilov TimShilov
Duplicate Advisory: Malicious versions of Nx were published Critical
GHSA-8mjq-32x3-22qf was published for nx (npm) Sep 25, 2025 withdrawn
is-arrayish@0.3.3 contains malware after npm account takeover High
CVE-2025-59331 was published for is-arrayish (npm) Sep 15, 2025
error-ex@1.3.3 contains malware after npm account takeover High
CVE-2025-59330 was published for error-ex (npm) Sep 15, 2025
color-convert@3.1.1 contains malware after npm account takeover High
CVE-2025-59162 was published for color-convert (npm) Sep 15, 2025
color-name@2.0.1 contains malware after npm account takeover High
CVE-2025-59145 was published for color-name (npm) Sep 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database