Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

382 advisories

Loading
Malicious Package in eslint-scope Critical
GHSA-hxxf-q3w9-4xgw was published for eslint-config-eslint (npm) Jul 12, 2018
volkdm
Withdrawn Advisory: mariadb was malware High
CVE-2017-16046 was published for mariadb (npm) Jul 18, 2018 withdrawn
nodefabric is malware High
CVE-2017-16054 was published for nodefabric (npm) Jul 23, 2018
sqliter is malware High
CVE-2017-16051 was published for sqliter (npm) Jul 23, 2018
node-fabric is malware High
CVE-2017-16052 was published for node-fabric (npm) Jul 23, 2018
fabric-js is malware High
CVE-2017-16053 was published for fabric-js (npm) Jul 23, 2018
nodesqlite is malware High
CVE-2017-16049 was published for nodesqlite (npm) Jul 23, 2018
sqlite.js is malware Moderate
CVE-2017-16050 was published for sqlite.js (npm) Jul 23, 2018
jquery.js is malware High
CVE-2017-16045 was published for jquery.js (npm) Jul 23, 2018
7h3Rabbit
node-sqlite is malware High
CVE-2017-16048 was published for node-sqlite (npm) Jul 23, 2018
d3.js is malware High
CVE-2017-16044 was published for d3.js (npm) Jul 23, 2018
cofeescript is malware Moderate
CVE-2017-16202 was published for cofeescript (npm) Aug 6, 2018
coffe-script is malware High
CVE-2017-16203 was published for coffe-script (npm) Aug 6, 2018
coffescript is malware High
CVE-2017-16205 was published for coffescript (npm) Aug 6, 2018
jquey is malware Moderate
CVE-2017-16204 was published for jquey (npm) Aug 6, 2018
discordi.js is malware High
CVE-2017-16207 was published for discordi.js (npm) Aug 6, 2018
Shadowsock is malware Moderate
CVE-2017-16078 was published for shadowsock (npm) Aug 27, 2018
crossenv is malware High
CVE-2017-16074 was published for crossenv (npm) Aug 29, 2018
http-proxy.js is malware High
CVE-2017-16075 was published for http-proxy.js (npm) Aug 29, 2018
Hijacked Environment Variables in proxy.js Moderate
CVE-2017-16076 was published for proxy.js (npm) Aug 29, 2018
smb is malware High
CVE-2017-16079 was published for smb (npm) Aug 29, 2018
nodeffmpeg is malware High
CVE-2017-16069 was published for nodeffmpeg (npm) Aug 29, 2018
nodecaffe is malware High
CVE-2017-16070 was published for nodecaffe (npm) Aug 29, 2018
nodemailer-js is malware High
CVE-2017-16071 was published for nodemailer-js (npm) Aug 29, 2018
nodemailer.js is malware High
CVE-2017-16072 was published for nodemailer.js (npm) Aug 29, 2018
ProTip! Advisories are also available from the GraphQL API