Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21,750 advisories

Loading
Malicious Package in load-from-cwd-or-npm Critical
GHSA-jxf5-7x3j-8j9m was published for load-from-cwd-or-npm (npm) Sep 3, 2020
Malicious Package in ali-contributor Critical
GHSA-h3m2-h22h-695r was published for ali-contributor (npm) Sep 3, 2020
Malicious Package in asymc Critical
GHSA-x6ch-c6rv-f7wh was published for asymc (npm) Sep 2, 2020
Malicious Package in colro-name Critical
GHSA-jp9g-5x75-ccp8 was published for colro-name (npm) Sep 2, 2020
Malicious Package in tensorplow Critical
GHSA-m2fp-c79h-rr79 was published for tensorplow (npm) Sep 2, 2020
Malicious Package in js-regular Critical
GHSA-qcc9-q247-3m2m was published for js-regular (npm) Sep 3, 2020
Malicious Package in saync Critical
GHSA-pm9v-325f-5g74 was published for saync (npm) Sep 2, 2020
Malicious Package in hulp Critical
GHSA-fqw7-8v6m-2f86 was published for hulp (npm) Sep 2, 2020
Malicious Package in jquerz Critical
GHSA-c6f3-3c98-2j2f was published for jquerz (npm) Sep 2, 2020
Malicious Package in bowe Critical
GHSA-xmmp-hrmx-x5g7 was published for bowe (npm) Sep 2, 2020
Malicious Package in froever Critical
GHSA-2r8f-2665-3gxq was published for froever (npm) Sep 2, 2020
Malicious Package in yeoman-genrator Critical
GHSA-fm7r-2pr7-rw2p was published for yeoman-genrator (npm) Sep 2, 2020
Malicious Package in erquest Critical
GHSA-4pmg-jgm5-3jg6 was published for erquest (npm) Sep 2, 2020
Malicious Package in js-base64-int Critical
GHSA-76qf-6mvw-c5hm was published for js-base64-int (npm) Sep 3, 2020
Malicious Package in koa-body-parse Critical
GHSA-wqgq-mfvj-6qxp was published for koa-body-parse (npm) Sep 3, 2020
Malicious Package in mogodb-core Critical
GHSA-g4m3-rpxr-h7vg was published for mogodb-core (npm) Sep 3, 2020
Malicious Package in serializes Critical
GHSA-j899-348x-h3rq was published for serializes (npm) Sep 3, 2020
Malicious Package in sparkies Critical
GHSA-c4fm-46gm-4469 was published for sparkies (npm) Sep 3, 2020
Malicious Package in evil-package Critical
GHSA-p62r-jf56-h429 was published for evil-package (npm) Sep 3, 2020
Malicious Package in browserift Critical
GHSA-43vf-2x6g-p2m5 was published for browserift (npm) Sep 2, 2020
Malicious Package in jqeury Critical
GHSA-4964-cjrr-jg97 was published for jqeury (npm) Sep 2, 2020
Malicious Package in font-scrubber Critical
GHSA-65j7-66p7-9xgf was published for font-scrubber (npm) Sep 2, 2020
Path Traversal in swagger-injector Critical
GHSA-v4x8-gw49-7hv4 was published for swagger-injector (npm) Sep 3, 2020
Path Traversal in @wturyn/swagger-injector Critical
GHSA-4x7w-frcq-v4m3 was published for @wturyn/swagger-injector (npm) Sep 3, 2020
Malicious Package in axioss Critical
GHSA-8w9j-6wg6-qv4f was published for axioss (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API