GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
High severity vulnerability that affects rubyzip
High
GHSA-3q5q-f79q-7hr2
was published
for
rubyzip
(RubyGems)
Jul 31, 2018
•
withdrawn
High severity vulnerability that affects festivaltts4r
High
GHSA-9wv8-jgw4-4g28
was published
for
festivaltts4r
(RubyGems)
Aug 15, 2018
•
withdrawn
High severity vulnerability that affects many_versioned_gem
High
GHSA-hhxm-4f85-rgr8
was published
for
many_versioned_gem
(RubyGems)
Feb 5, 2019
•
withdrawn
High severity vulnerability that affects actionpack
High
GHSA-hx46-vwmx-wx95
was published
for
actionpack
(RubyGems)
Aug 13, 2018
•
withdrawn
High severity vulnerability that affects activerecord
High
GHSA-hm48-76wh-q86v
was published
for
activerecord
(RubyGems)
Aug 21, 2018
•
withdrawn
High severity vulnerability that affects espeak-ruby
High
GHSA-w655-w578-99pq
was published
for
espeak-ruby
(RubyGems)
Aug 21, 2018
•
withdrawn
High severity vulnerability that affects safemode
High
GHSA-8474-rc7c-wrhp
was published
for
safemode
(RubyGems)
Aug 8, 2018
•
withdrawn
High severity vulnerability that affects colorscore
High
GHSA-9wcm-rrvh-qjc8
was published
for
colorscore
(RubyGems)
Aug 15, 2018
•
withdrawn
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Vulnerable dependencies in Nokogiri
High
GHSA-fq42-c5rg-92c2
was published
for
nokogiri
(RubyGems)
Feb 25, 2022
Denial of Service (DoS) in Nokogiri on JRuby
High
GHSA-gx8x-g87m-h5q6
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri
High
GHSA-v6gp-9mmm-c6p5
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Integer Overflow or Wraparound in libxml2 affects Nokogiri
High
GHSA-cgx6-hpwq-fhv5
was published
for
nokogiri
(RubyGems)
May 18, 2022
ExifTool vulnerable to arbitrary code execution
High
GHSA-q95h-cqrv-8jv5
was published
for
exiftool_vendored
(RubyGems)
Jan 20, 2023
private_address_check contains Incomplete List of Disallowed Inputs
High
CVE-2017-0909
was published
for
private_address_check
(RubyGems)
Nov 30, 2017
Doorkeeper subject to Incorrect Permission Assignment
High
CVE-2018-1000211
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
backup-agoddard and backup_checksum have Information Exposure vulnerability
High
CVE-2014-4993
was published
for
backup-agoddard
(RubyGems)
May 14, 2022
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
High
CVE-2018-3740
was published
for
sanitize
(RubyGems)
Mar 21, 2018
Ruby-SAML Improper Authentication vulnerability
High
CVE-2017-11428
was published
for
ruby-saml
(RubyGems)
Jul 5, 2019
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High
CVE-2021-20259
was published
for
foreman_fog_proxmox
(RubyGems)
Jun 10, 2021
ProTip!
Advisories are also available from the
GraphQL API