GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,016 advisories
Prototype Pollution Vulnerability in object-collider
Critical • CVE-2021-25914 was published for object-collider (npm) • Mar 19, 2021
Command injection in wc-cmd
Critical • CVE-2020-28431 was published for wc-cmd (npm) • Mar 19, 2021 • withdrawn
Code injection in nobelprizeparser
Critical • GHSA-4wv4-mgfq-598v was published for nobelprizeparser (npm) • Mar 12, 2021
Command injection in samba-client
Critical • CVE-2021-27185 was published for samba-client (npm) • Feb 11, 2021
OS Command Injection in async-git
Critical • CVE-2021-3190 was published for async-git (npm) • Jan 29, 2021
Malicious npm package: an0n-chat-lib
Critical • GHSA-7xcv-wvr7-4h6p was published for an0n-chat-lib (npm) • Jan 29, 2021
Malicious npm package: discord-fix
Critical • GHSA-qv2g-99x4-45x6 was published for discord-fix (npm) • Jan 29, 2021
Malicious npm package: sonatype
Critical • GHSA-w8fh-pvq2-x8c4 was published for sonatype (npm) • Jan 29, 2021
Command injection in ts-process-promises
Critical • CVE-2020-7784 was published for ts-process-promises (npm) • Jan 13, 2021
Command Injection in corenlp-js-interface
Critical • CVE-2020-28440 was published for corenlp-js-interface (npm) • Dec 18, 2020
Command injection in connection-tester
Critical • CVE-2020-7781 was published for connection-tester (npm) • Dec 17, 2020
Malicious code in `loadyaml`
Critical • GHSA-mfc2-93pr-jf92 was published for loadyaml (npm) • Oct 1, 2020
Malicious code in `electorn`
Critical • GHSA-38hx-3542-8fh3 was published for electorn (npm) • Oct 1, 2020
Malicious Package in radic-util
Critical • GHSA-8qh7-xw58-3ww7 was published for radic-util (npm) • Sep 11, 2020
Malicious Package in motiv.scss
Critical • GHSA-2vqq-jgxx-fxjc was published for motiv.scss (npm) • Sep 11, 2020
Malicious Package in react-datepicker-plus
Critical • GHSA-4wcx-c9c4-89p2 was published for react-datepicker-plus (npm) • Sep 11, 2020
Malicious Package in precode.js
Critical • GHSA-5w4r-wwc3-6qcp was published for precode.js (npm) • Sep 11, 2020
Malicious Package in scroool
Critical • GHSA-p7w2-mc6m-mfx2 was published for scroool (npm) • Sep 11, 2020
Malicious Package in grunt-radical
Critical • GHSA-4627-w373-375v was published for grunt-radical (npm) • Sep 11, 2020
Malicious Package in ng-ui-library
Critical • GHSA-2xw5-3767-qxvm was published for ng-ui-library (npm) • Sep 11, 2020
ProTip! Advisories are also available from the GraphQL API.