Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,382 advisories

Loading
Downloads Resources over HTTP in fis-parser-sass-bin High
CVE-2016-10660 was published for fis-parser-sass-bin (npm) Feb 18, 2019
Downloads Resources over HTTP in co-cli-installer High
CVE-2016-10657 was published for co-cli-installer (npm) Feb 18, 2019
Downloads Resources over HTTP in tomita High
CVE-2016-10662 was published for tomita (npm) Feb 18, 2019
Denial of Service in mqtt-packet High
CVE-2016-10523 was published for mqtt-packet (npm) Feb 18, 2019
Downloads Resources over HTTP in sfml High
CVE-2016-10654 was published for sfml (npm) Feb 18, 2019
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
Downloads Resources over HTTP in air-sdk High
CVE-2016-10603 was published for air-sdk (npm) Feb 18, 2019
Symlink Arbitrary File Overwrite in tar High
CVE-2015-8860 was published for tar (npm) Oct 24, 2017
High severity vulnerability that affects electron High
CVE-2016-1202 was published for electron (npm) Oct 24, 2017
Downloads Resources over HTTP in macaca-chromedriver High
CVE-2016-10586 was published for macaca-chromedriver (npm) Feb 18, 2019
Downloads Resources over HTTP in kindlegen High
CVE-2016-10575 was published for kindlegen (npm) Feb 18, 2019
Downloads Resources over HTTP in healthcenter High
CVE-2016-10684 was published for healthcenter (npm) Feb 18, 2019
Downloads Resources over HTTP in nw High
CVE-2016-10588 was published for nw (npm) Feb 18, 2019
Downloads Resources over HTTP in libxl High
CVE-2016-10585 was published for libxl (npm) Feb 18, 2019
Downloads Resources over HTTP in unicode-json High
CVE-2016-10610 was published for unicode-json (npm) Feb 18, 2019
Downloads Resources over HTTP in mystem-fix High
CVE-2016-10698 was published for mystem-fix (npm) Jul 27, 2018
Downloads Resources over HTTP in iedriver High
CVE-2016-10562 was published for iedriver (npm) Feb 18, 2019
Downloads Resources over HTTP in node-thulac High
CVE-2016-10640 was published for node-thulac (npm) Feb 18, 2019
Missing Origin Validation in webpack-dev-server High
CVE-2018-14732 was published for webpack-dev-server (npm) Jan 4, 2019
NikoRaisanen
Downloads Resources over HTTP in haxe-dev High
CVE-2016-10637 was published for haxe-dev (npm) Feb 18, 2019
Downloads Resources over HTTP in grunt-ccompiler High
CVE-2016-10636 was published for grunt-ccompiler (npm) Feb 18, 2019
High severity vulnerability that affects gun High
GHSA-886v-mm6p-4m66 was published for gun (npm) Jun 5, 2019
JK0N
SQL Injection in waterline-sequel High
CVE-2016-10551 was published for waterline-sequel (npm) Feb 18, 2019
Electron protocol handler browser vulnerable to Command Injection High
CVE-2018-1000118 was published for electron (npm) Mar 26, 2018
SQL Injection in sequelize High
CVE-2016-10550 was published for sequelize (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API