Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

26,869 advisories

Loading
Malicious Package in angular-location-update Critical
GHSA-53jx-4wwh-gcqj was published for angular-location-update (npm) Sep 11, 2020
Malicious Package in blubird Critical
GHSA-rvww-x6m4-4vc2 was published for blubird (npm) Sep 11, 2020
Malicious Package in commmander Critical
GHSA-q42c-rrp3-r3xm was published for commmander (npm) Sep 11, 2020
Malicious Package in geoheat Critical
GHSA-p32g-242c-76h3 was published for geoheat (npm) Sep 11, 2020
Malicious Package in epress Critical
GHSA-vf8q-pw7h-r2x2 was published for epress (npm) Sep 11, 2020
Malicious Package in test-module-a Critical
GHSA-76xq-58hj-vwm2 was published for test-module-a (npm) Sep 11, 2020
Malicious Package in electron-native-notify Critical
GHSA-j8qr-rvcv-crhv was published for electron-native-notify (npm) Sep 11, 2020
Malicious Package in ember-power-timepicker Critical
GHSA-28f8-hqmc-7ph8 was published for ember-power-timepicker (npm) Sep 11, 2020
Malicious Package in github-jquery-widgets Critical
GHSA-c722-pv5w-cfg2 was published for github-jquery-widgets (npm) Sep 11, 2020
Malicious Package in grunt-radic Critical
GHSA-9p49-cwh3-4qhf was published for grunt-radic (npm) Sep 11, 2020
Malicious Package in ng-ui-library Critical
GHSA-2xw5-3767-qxvm was published for ng-ui-library (npm) Sep 11, 2020
Malicious Package in grunt-radical Critical
GHSA-4627-w373-375v was published for grunt-radical (npm) Sep 11, 2020
Malicious Package in scroool Critical
GHSA-p7w2-mc6m-mfx2 was published for scroool (npm) Sep 11, 2020
Malicious Package in precode.js Critical
GHSA-5w4r-wwc3-6qcp was published for precode.js (npm) Sep 11, 2020
Malicious Package in react-datepicker-plus Critical
GHSA-4wcx-c9c4-89p2 was published for react-datepicker-plus (npm) Sep 11, 2020
Malicious Package in motiv.scss Critical
GHSA-2vqq-jgxx-fxjc was published for motiv.scss (npm) Sep 11, 2020
Malicious Package in radic-util Critical
GHSA-8qh7-xw58-3ww7 was published for radic-util (npm) Sep 11, 2020
Authorization Bypass in Spring Security Critical
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
MarkLee131
Out of bounds write in tensorflow-lite Critical
CVE-2020-15214 was published for tensorflow (pip) Sep 25, 2020
Out of bounds access in tensorflow-lite Critical
CVE-2020-15212 was published for tensorflow (pip) Sep 25, 2020
Malicious code in `electorn` Critical
GHSA-38hx-3542-8fh3 was published for electorn (npm) Oct 1, 2020
Malicious code in `loadyaml` Critical
GHSA-mfc2-93pr-jf92 was published for loadyaml (npm) Oct 1, 2020
Markdown-supplied Shell Command Execution Critical
CVE-2020-15271 was published for lookatme (pip) Oct 27, 2020
Remote Code Execution in Apache Synapse Critical
CVE-2017-15708 was published for org.apache.synapse:synapse-core (Maven) Nov 4, 2020
LDAP authentication bypass with empty password Critical
CVE-2020-26214 was published for alerta-server (pip) Nov 6, 2020
CasperGN
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database