Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

419 advisories

Loading
Two LiteLLM versions published containing credential harvesting malware Critical
GHSA-5mg7-485q-xm76 was published for litellm (pip) Mar 25, 2026
Trivy ecosystem supply chain was briefly compromised Critical
CVE-2026-33634 was published for aquasecurity/setup-trivy (GitHub Actions) Mar 24, 2026
xygeni-action v5 tag poisoned with C2 backdoor Critical
CVE-2026-31976 was published for xygeni/xygeni-action (GitHub Actions) Mar 11, 2026
Nick2bad4u Credited to Nick2bad4u
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The... Moderate Unreviewed
CVE-2024-10938 was published Feb 27, 2026
`polymarket-client-sdks` was removed from crates.io for malicious code Critical
GHSA-p5vf-5754-x7p3 was published for polymarket-client-sdks (Rust) Feb 13, 2026
`sha-rst` was removed from crates.io for malicious code Critical
GHSA-vgr2-r5hm-f6gf was published for sha-rst (Rust) Feb 12, 2026
`finch_cli_rust` was removed from crates.io for malicious code Critical
GHSA-6v2j-vr4h-f632 was published for finch_cli_rust (Rust) Feb 12, 2026
`finch-rst` was removed from crates.io for malicious code Critical
GHSA-xp79-9mxw-878j was published for finch-rst (Rust) Feb 12, 2026
A single post-release of dydx-v4-client contained obfuscated multi-stage loader Critical
GHSA-4f84-67cv-qrv3 was published for dydx-v4-client (pip) Feb 6, 2026
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with... Critical Unreviewed
CVE-2025-59374 was published Dec 17, 2025
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious... Critical Unreviewed
CVE-2018-25117 was published Oct 15, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,... Critical Unreviewed
CVE-2017-20203 was published Oct 9, 2025
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry... Critical Unreviewed
CVE-2017-20201 was published Oct 9, 2025
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and... Critical Unreviewed
CVE-2017-20202 was published Oct 9, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,... Critical Unreviewed
CVE-2025-34252 was published Oct 7, 2025
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to... Moderate Unreviewed
CVE-2025-55556 was published Sep 25, 2025
Duplicate Advisory: Malicious versions of Nx were published Critical
GHSA-8mjq-32x3-22qf was published for nx (npm) Sep 25, 2025 withdrawn
is-arrayish@0.3.3 contains malware after npm account takeover High
CVE-2025-59331 was published for is-arrayish (npm) Sep 15, 2025
error-ex@1.3.3 contains malware after npm account takeover High
CVE-2025-59330 was published for error-ex (npm) Sep 15, 2025
color-convert@3.1.1 contains malware after npm account takeover High
CVE-2025-59162 was published for color-convert (npm) Sep 15, 2025
color-name@2.0.1 contains malware after npm account takeover High
CVE-2025-59145 was published for color-name (npm) Sep 15, 2025
debug@4.4.2 contains malware after npm account takeover High
CVE-2025-59144 was published for debug (npm) Sep 15, 2025
color@5.0.1 contains malware after npm account takeover High
CVE-2025-59143 was published for color (npm) Sep 15, 2025
color-string@2.1.1 contains malware after npm account takeover High
CVE-2025-59142 was published for color-string (npm) Sep 15, 2025
simple-swizzle@0.2.3 contains malware after npm account takeover High
CVE-2025-59141 was published for simple-swizzle (npm) Sep 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database