GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
High
CVE-2018-3740
was published
for
sanitize
(RubyGems)
Mar 21, 2018
actionpack Improper Input Validation vulnerability
High
CVE-2013-0156
was published
for
actionpack
(RubyGems)
Oct 24, 2017
RubyGems may allow a maliciously crafted gem to overwrite files
High
CVE-2017-0901
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems Improper Input Validation vulnerability
High
CVE-2017-0900
was published
for
rubygems-update
(RubyGems)
May 14, 2022
actionpack allows remote code execution via application's unrestricted use of render method
High
CVE-2016-2098
was published
for
actionpack
(RubyGems)
Oct 24, 2017
i18n Vulnerable to Denial of Service Attack
High
CVE-2014-10077
was published
for
i18n
(RubyGems)
May 14, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution
High
CVE-2015-3649
was published
for
open-uri-cached
(RubyGems)
May 13, 2022
RubyGems passenger gem allows remote attackers to delete files
High
CVE-2012-6135
was published
for
passenger
(RubyGems)
Apr 23, 2022
nori contains Improper Input Validation
High
CVE-2013-0285
was published
for
nori
(RubyGems)
Oct 24, 2017
Moped Rubygem Data Injection Vulnerability
High
CVE-2015-4410
was published
for
moped
(RubyGems)
Aug 19, 2020
Ox gem crashes due to a crafted input
High
CVE-2017-15928
was published
for
ox
(RubyGems)
Nov 21, 2017
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
High
CVE-2020-8184
was published
for
rack
(RubyGems)
Jun 24, 2020
Unsafe object creation in json RubyGem
High
CVE-2020-10663
was published
for
json
(RubyGems)
Jul 27, 2020
Mail Gem Improper Input Validation vulnerability
High
CVE-2012-2140
was published
for
mail
(RubyGems)
Oct 24, 2017
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
JSON gem has Improper Input Validation vulnerability
High
CVE-2013-0269
was published
for
json
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects thin
High
CVE-2009-3287
was published
for
thin
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-1655
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-3567
was published
for
puppet
(RubyGems)
Oct 24, 2017
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
ProTip!
Advisories are also available from the
GraphQL API