Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,868 advisories

Loading
Steam Socialite Provider v1 does not correctly validate openid server Critical
GHSA-hhw9-35p2-q2c5 was published for socialiteproviders/steam (Composer) Jan 29, 2021
MadMikeyB
Unauthenticated Remote Code Execution in Apache JMeter Critical
CVE-2019-0187 was published for org.apache.jmeter:ApacheJMeter (Maven) Mar 7, 2019
Malicious Package in luna-mock Critical
GHSA-qm4q-f956-fg64 was published for luna-mock (npm) Sep 3, 2020
Remote Code Execution in spark-core Critical
CVE-2018-17190 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 21, 2018
Malicious Package in rate-map Critical
GHSA-x48m-gp6r-gp4v was published for rate-map (npm) Sep 3, 2020
Path Traversal in f-serv Critical
GHSA-vx5w-cxch-wwc9 was published for f-serv (npm) Sep 3, 2020
Malicious Package in retcodelog Critical
GHSA-j8hw-49gg-vq3w was published for retcodelog (npm) Sep 3, 2020
Malicious Package in serilize Critical
GHSA-fw76-p9p2-6pvf was published for serilize (npm) Sep 3, 2020
Malicious Package in node-ftp Critical
GHSA-5jgp-pg4f-q8vj was published for node-ftp (npm) Sep 3, 2020
Malicious Package in json-serializer Critical
GHSA-chh2-rvhg-wqwr was published for json-serializer (npm) Sep 3, 2020
Malicious Package in mogodb Critical
GHSA-w3pp-wp5v-fjvp was published for mogodb (npm) Sep 3, 2020
Malicious Package in k0a_multer Critical
GHSA-v95x-h953-x7fg was published for k0a_multer (npm) Sep 3, 2020
Malicious Package in import-mysql Critical
GHSA-whjr-jj69-7prm was published for import-mysql (npm) Sep 3, 2020
Malicious Package in node-spdy Critical
GHSA-wfjh-3hq2-r276 was published for node-spdy (npm) Sep 3, 2020
Malicious Package in log-symboles Critical
GHSA-h232-fpqx-mqgr was published for log-symboles (npm) Sep 3, 2020
Malicious Package in pizza-pasta Critical
GHSA-wxrm-2h86-v95f was published for pizza-pasta (npm) Sep 3, 2020
Malicious Package in harmlesspackage Critical
GHSA-8hmr-w35f-3qgj was published for harmlesspackage (npm) Sep 3, 2020
Malicious Package in bqffer-xor Critical
GHSA-pxqp-mv67-g528 was published for bqffer-xor (npm) Sep 3, 2020
Malicious Package in buffdr-xor Critical
GHSA-8549-p68h-m9mc was published for buffdr-xor (npm) Sep 3, 2020
Malicious Package in buffe2-xor Critical
GHSA-3f97-rj68-2pjf was published for buffe2-xor (npm) Sep 3, 2020
Malicious Package in buffer-xkr Critical
GHSA-rw53-q8x7-ccx8 was published for buffer-xkr (npm) Sep 3, 2020
Malicious Package in buffer-xoz Critical
GHSA-j6x7-42x2-hpcf was published for buffer-xoz (npm) Sep 3, 2020
Malicious Package in buffev-xor Critical
GHSA-x3w4-mrmv-cw2x was published for buffev-xor (npm) Sep 3, 2020
Malicious Package in uglyfi.js Critical
GHSA-8jf2-cq6v-w234 was published for uglyfi.js (npm) Sep 3, 2020
Malicious Package in bufder-xor Critical
GHSA-w9q5-mvc6-5cw3 was published for bufder-xor (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database