Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

417 advisories

Loading
CSRF Vulnerability in rails-ujs Moderate
CVE-2020-8167 was published for actionview (RubyGems) Jul 7, 2020
Untrusted users can run pending migrations in production in Rails Moderate
CVE-2020-8185 was published for actionpack (RubyGems) Jun 24, 2020
Cross-Site Scripting in Kaminari Moderate
CVE-2020-11082 was published for kaminari (RubyGems) May 28, 2020
viseztrance sonalkr132
Ability to forge per-form CSRF tokens in Rails Moderate
CVE-2020-8166 was published for actionpack (RubyGems) May 26, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma Moderate
CVE-2020-11077 was published for puma (RubyGems) May 22, 2020
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for jQuery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for jquery (RubyGems) Apr 29, 2020
masatokinugawa Churro
Cross site scripting vulnerability in ActionView Moderate
CVE-2020-5267 was published for actionview (RubyGems) Mar 19, 2020
jessecampos
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
OS Command Injection in Rake Moderate
CVE-2020-8130 was published for rake (RubyGems) Feb 28, 2020
HTTP Response Splitting in Puma Moderate
CVE-2020-5247 was published for puma (RubyGems) Feb 28, 2020
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
Directive injection when using dynamic overrides with user input Moderate
CVE-2020-5217 was published for secure_headers (RubyGems) Jan 23, 2020
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers Moderate
CVE-2020-5216 was published for secure_headers (RubyGems) Jan 23, 2020
Possible Information Leak / Session Hijack Vulnerability in Rack Moderate
CVE-2019-16782 was published for rack (RubyGems) Dec 18, 2019
will
In RubyGem excon, interrupted Persistent Connections May Leak Response Data Moderate
CVE-2019-16779 was published for excon (RubyGems) Dec 16, 2019
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack Moderate
CVE-2019-16770 was published for puma (RubyGems) Dec 5, 2019
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
Loofah Allows Cross-site Scripting Moderate
CVE-2019-15587 was published for loofah (RubyGems) Nov 5, 2019
tdunlap607
Haml vulnerable to cross-site scripting Moderate
CVE-2017-1002201 was published for haml (RubyGems) Oct 21, 2019
Rubyzip denial of service Moderate
CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019
tdunlap607
Cross-site scripting in padrino-contrib Moderate
CVE-2019-16145 was published for padrino-contrib (RubyGems) Sep 23, 2019
Authentication Bypass in Devise Moderate
CVE-2019-16109 was published for devise (RubyGems) Sep 11, 2019
Cross-site scripting in fat_free_crm Moderate
CVE-2018-20975 was published for fat_free_crm (RubyGems) Aug 21, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database