Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,821
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

430 advisories

Loading
A supply chain attack compromised the official installation packages of DAEMON Tools Lite ... Critical Unreviewed
CVE-2026-8398 was published May 15, 2026
Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys Critical
CVE-2026-45321 was published for @tanstack/arktype-adapter (npm) May 12, 2026
ashishkurmi Credited to ashishkurmi
Compromised version of intercom-client published to npm Critical
GHSA-54pg-9963-v8vg was published for intercom-client (npm) May 7, 2026
Compromised tag of intercom-php published via GitHub Critical
GHSA-gr3r-crp5-qrrm was published for intercom/intercom-php (Composer) May 7, 2026
Compromise of PyTorch Lightning PyPi Package Versions Critical
CVE-2026-44484 was published for pytorch-lightning (pip) May 7, 2026
`mysten-metrics` was removed from crates.io for malicious code Critical
GHSA-g38r-8gmr-ghrf was published for mysten-metrics (Rust) May 4, 2026
`sui-execution-cut` was removed from crates.io for malicious code Critical
GHSA-qprh-m6p3-hwxc was published for sui-execution-cut (Rust) May 4, 2026
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in... Critical Unreviewed
CVE-2026-6443 was published Apr 17, 2026
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access... Critical Unreviewed
CVE-2026-34424 was published Apr 10, 2026
Axios npm Supply Chain Incident Impacting @usebruno/cli Critical
CVE-2026-34841 was published for @usebruno/cli (npm) Apr 2, 2026
Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2 Critical
GHSA-955r-262c-33jc was published for telnyx (pip) Mar 30, 2026
Two LiteLLM versions published containing credential harvesting malware Critical
GHSA-5mg7-485q-xm76 was published for litellm (pip) Mar 25, 2026
Trivy ecosystem supply chain was briefly compromised Critical
CVE-2026-33634 was published for aquasecurity/setup-trivy (GitHub Actions) Mar 24, 2026
xygeni-action v5 tag poisoned with C2 backdoor Critical
CVE-2026-31976 was published for xygeni/xygeni-action (GitHub Actions) Mar 11, 2026
Nick2bad4u Credited to Nick2bad4u
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The... Moderate Unreviewed
CVE-2024-10938 was published Feb 27, 2026
`polymarket-client-sdks` was removed from crates.io for malicious code Critical
GHSA-p5vf-5754-x7p3 was published for polymarket-client-sdks (Rust) Feb 13, 2026
`sha-rst` was removed from crates.io for malicious code Critical
GHSA-vgr2-r5hm-f6gf was published for sha-rst (Rust) Feb 12, 2026
`finch_cli_rust` was removed from crates.io for malicious code Critical
GHSA-6v2j-vr4h-f632 was published for finch_cli_rust (Rust) Feb 12, 2026
`finch-rst` was removed from crates.io for malicious code Critical
GHSA-xp79-9mxw-878j was published for finch-rst (Rust) Feb 12, 2026
A single post-release of dydx-v4-client contained obfuscated multi-stage loader Critical
GHSA-4f84-67cv-qrv3 was published for dydx-v4-client (pip) Feb 6, 2026
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with... Critical Unreviewed
CVE-2025-59374 was published Dec 17, 2025
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious... Critical Unreviewed
CVE-2018-25117 was published Oct 15, 2025
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322,... Critical Unreviewed
CVE-2017-20203 was published Oct 9, 2025
Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and... Critical Unreviewed
CVE-2017-20202 was published Oct 9, 2025
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry... Critical Unreviewed
CVE-2017-20201 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database