GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,737 advisories
Filter by severity
Malicious Package in donotinstallthis
Critical
GHSA-73hr-6785-f5p8
was published
for
donotinstallthis
(npm)
Sep 2, 2020
Malicious Package in rimrafall
Critical
GHSA-8hq2-fcqm-39hq
was published
for
rimrafall
(npm)
Sep 2, 2020
Malicious Package in requets
Critical
GHSA-f3pc-c2gf-hvgw
was published
for
requets
(npm)
Sep 2, 2020
Malicious Package in carloprojectlesang
Critical
GHSA-qj2g-642f-4jrv
was published
for
carloprojectlesang
(npm)
Sep 2, 2020
Malicious Package in colour-string
Critical
GHSA-8mmf-qp7j-2w24
was published
for
colour-string
(npm)
Sep 2, 2020
Malicious Package in require-ports
Critical
GHSA-qj3g-wfr7-3cv7
was published
for
require-ports
(npm)
Sep 2, 2020
Malicious Package in uglyfi-js
Critical
GHSA-9xww-fwh9-95c5
was published
for
uglyfi-js
(npm)
Sep 2, 2020
Forgeable Public/Private Tokens in jwt-simple
Critical
CVE-2016-10555
was published
for
jwt-simple
(npm)
Nov 6, 2018
Malicious Package in rpc-websocket
Critical
GHSA-x87g-rgrh-r6g3
was published
for
rpc-websocket
(npm)
Sep 3, 2020
Malicious Package in smartsearchwp
Critical
GHSA-fgp6-8g62-qx6w
was published
for
smartsearchwp
(npm)
Sep 3, 2020
Arbitrary Code Execution in mathjs
Critical
CVE-2017-1001002
was published
for
mathjs
(npm)
Dec 18, 2017
Command Injection in Kylin
Critical
CVE-2020-13925
was published
for
org.apache.kylin:kylin-server-base
(Maven)
Jul 27, 2020
False-positive validity for NFT1 genesis transactions
Critical
CVE-2020-15131
was published
for
slp-validate
(npm)
Jul 30, 2020
Cross-Site Scripting in swagger-ui
Critical
CVE-2016-1000226
was published
for
swagger-ui
(npm)
Sep 1, 2020
Malicious Package in nginxbeautifier
Critical
GHSA-28xx-8j99-m32j
was published
for
nginxbeautifier
(npm)
Sep 1, 2020
Malicious Package in angular-material-sidenav-rnd
Critical
GHSA-qmxf-fxq7-w59f
was published
for
angular-material-sidenav-rnd
(npm)
Sep 1, 2020
Malicious Package in cordova-plugin-china-picker
Critical
GHSA-x9gm-qxhh-rf75
was published
for
cordova-plugin-china-picker
(npm)
Sep 1, 2020
Malicious Package in blingjs
Critical
GHSA-hfc6-79wv-5hpw
was published
for
blingjs
(npm)
Sep 1, 2020
Deserialization of Untrusted Data in jackson-databind
Critical
CVE-2018-19361
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Server-Side Request Forgery (SSRF) in jackson-databind
Critical
CVE-2018-14721
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jan 4, 2019
Malicious Package in soket.js
Critical
GHSA-x6gq-467r-hwcc
was published
for
soket.js
(npm)
Sep 1, 2020
ProTip!
Advisories are also available from the
GraphQL API