Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,015 advisories

Loading
Malicious Package in js-wha3 Critical
GHSA-785g-gx74-gr39 was published for js-wha3 (npm) Sep 3, 2020
Malicious Package in js-sla3 Critical
GHSA-h6m3-cx24-9626 was published for js-sla3 (npm) Sep 3, 2020
Malicious Package in js-sxa3 Critical
GHSA-jh67-3wqw-cvhr was published for js-sxa3 (npm) Sep 3, 2020
Malicious Package in owl-orchard-apple-sunshine Critical
GHSA-h24p-2c3m-5qf4 was published for owl-orchard-apple-sunshine (npm) Sep 3, 2020
Malicious Package in bconi Critical
GHSA-7j93-5m2h-rvjx was published for bconi (npm) Sep 4, 2020
Client TLS credentials sent raw to server in npm package nats Critical
GHSA-prmc-5v5w-c465 was published for nats (npm) Apr 6, 2021
Malicious Package in bs58chekc Critical
GHSA-fwvq-x4j9-hr5f was published for bs58chekc (npm) Sep 3, 2020
Malicious Package in bs85check Critical
GHSA-4hq8-v42x-9wx3 was published for bs85check (npm) Sep 4, 2020
Malicious Package in hdkye Critical
GHSA-8pwx-j4r6-5v38 was published for hdkye (npm) Sep 3, 2020
Malicious Package in ecruve Critical
GHSA-fpf2-pr3j-4cm3 was published for ecruve (npm) Sep 3, 2020
Malicious Package in rceat Critical
GHSA-7w7c-867m-4mqc was published for rceat (npm) Sep 3, 2020
Malicious Package in crytpo-js Critical
GHSA-m4fq-xh7w-jhfm was published for crytpo-js (npm) Sep 3, 2020
Malicious Package in signqle Critical
GHSA-m794-qv59-gj7c was published for signqle (npm) Sep 3, 2020
Malicious Package in siganle Critical
GHSA-p5p2-rhc3-wmf3 was published for siganle (npm) Sep 3, 2020
Malicious Package in bip30 Critical
GHSA-wch2-46wj-6x5j was published for bip30 (npm) Sep 4, 2020
Malicious Package in scrytsy Critical
GHSA-vv7g-pjw9-4qj9 was published for scrytsy (npm) Sep 3, 2020
Malicious Package in bs85 Critical
GHSA-gvm7-8fq3-qjj2 was published for bs85 (npm) Sep 3, 2020
Malicious Package in bictore-lib Critical
GHSA-f8vf-6hwg-hw55 was published for bictore-lib (npm) Sep 4, 2020
Malicious Package in path-to-regxep Critical
GHSA-f7gc-6hcj-wc42 was published for path-to-regxep (npm) Sep 3, 2020
Path Traversal in sapper Critical
GHSA-f3vw-587g-r29g was published for sapper (npm) Sep 3, 2020
Command Injection in giting Critical
GHSA-7r9x-hr76-jr96 was published for giting (npm) Sep 4, 2020
Command Injection in plotter Critical
GHSA-65xx-c85x-wg76 was published for plotter (npm) Sep 4, 2020
Remote Code Execution in mongodb-query-parser Critical
GHSA-97mg-3cr6-3x4c was published for mongodb-query-parser (npm) Sep 4, 2020
Command Injection in bestzip Critical
GHSA-4qqc-mp5f-ccv4 was published for bestzip (npm) Sep 2, 2020
Unrestricted Upload of File with Dangerous Type in jquery-file-upload Critical
CVE-2018-9207 was published for jquery-file-upload (npm) Dec 19, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database