GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,942
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
26,859 advisories

Eclipse RDF4j vulnerable to XML External Entity
Critical | CVE-2018-1000644 was published for org.eclipse.rdf4j:rdf4j-runtime (Maven) | Oct 19, 2018

Remote Code Execution in esigate-core
Critical | CVE-2018-1000854 was published for org.esigate:esigate-core (Maven) | Dec 21, 2018

Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
Critical | CVE-2018-18830 was published for net.mingsoft:ms-mcms (Maven) | Nov 1, 2018

Exposure of Sensitive Information in Hadoop
Critical | CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven) | Dec 21, 2018

XML External Entity Reference in mchange:c3p0
Critical | CVE-2018-20433 was published for com.mchange:c3p0 (Maven) | Jan 7, 2019

Malicious Package in ali-contributors
Critical | GHSA-8m5v-f2wp-wqr9 was published for ali-contributors (npm) | Sep 3, 2020

Malicious Package in diamond-clien
Critical | GHSA-86gv-xpwv-jprc was published for diamond-clien (npm) | Sep 3, 2020

Malicious Package in river-mock
Critical | GHSA-2h3x-95c6-885r was published for river-mock (npm) | Sep 3, 2020

Malicious Package in nodes.js
Critical | GHSA-38vq-cjh5-vw7x was published for nodes.js (npm) | Sep 3, 2020

Malicious Package in alipayjsapi
Critical | GHSA-rjhc-w3fj-j6x9 was published for alipayjsapi (npm) | Sep 3, 2020

Malicious Package in cage-js
Critical | GHSA-jf8x-wg7f-p3w8 was published for cage-js (npm) | Sep 3, 2020

Malicious Package in deasyncp
Critical | GHSA-qfc9-x7gv-27jr was published for deasyncp (npm) | Sep 3, 2020

Malicious Package in comander
Critical | GHSA-4xg9-g7qj-jhg4 was published for comander (npm) | Sep 3, 2020

API Admin Auth Weakness in tomato
Critical | CVE-2013-7379 was published for tomato (npm) | Aug 31, 2020

Malicious Package in file-logging
Critical | GHSA-wwwg-6r7f-9c9h was published for file-logging (npm) | Sep 3, 2020

Malicious Package in btffer-xor
Critical | GHSA-8hrq-9wm7-v3jw was published for btffer-xor (npm) | Sep 3, 2020

Malicious Package in mysql-koa
Critical | GHSA-x45v-pvpg-hcrh was published for mysql-koa (npm) | Sep 3, 2020

Malicious Package in buffes-xor
Critical | GHSA-28f4-mjfq-qrvf was published for buffes-xor (npm) | Sep 3, 2020

Malicious Package in buffer-xob
Critical | GHSA-gpg2-7r7j-4pm9 was published for buffer-xob (npm) | Sep 3, 2020

Malicious Package in bwffer-xor
Critical | GHSA-7qg7-6g3g-8vxg was published for bwffer-xor (npm) | Sep 3, 2020

Malicious Package in j3-sha3
Critical | GHSA-p3jx-g34v-q56j was published for j3-sha3 (npm) | Sep 3, 2020

Malicious Package in jq-sha3
Critical | GHSA-x8m7-cv39-xmg9 was published for jq-sha3 (npm) | Sep 3, 2020

ProTip! Advisories are also available from the GraphQL API