GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (count by ecosystem)
All reviewed: 5,000+
Composer: 4,134
Erlang: 29
GitHub Actions: 19
Go: 1,941
Maven: 5,000+
npm: 3,681
NuGet: 650
pip: 3,298
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
417 advisories match the current listing
CSRF Vulnerability in rails-ujs (Moderate): CVE-2020-8167 was published for actionview (RubyGems), Jul 7, 2020
Untrusted users can run pending migrations in production in Rails (Moderate): CVE-2020-8185 was published for actionpack (RubyGems), Jun 24, 2020
Cross-Site Scripting in Kaminari (Moderate): CVE-2020-11082 was published for kaminari (RubyGems), May 28, 2020
Ability to forge per-form CSRF tokens in Rails (Moderate): CVE-2020-8166 was published for actionpack (RubyGems), May 26, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma (Moderate): CVE-2020-11077 was published for puma (RubyGems), May 22, 2020
Cross-Site Scripting in jquery (Moderate): CVE-2020-7656 was published for jQuery (RubyGems), May 20, 2020
Potential XSS vulnerability in jQuery (Moderate): CVE-2020-11023 was published for jQuery (RubyGems), Apr 29, 2020
Potential XSS vulnerability in jQuery (Moderate): CVE-2020-11022 was published for jquery (RubyGems), Apr 29, 2020
Cross site scripting vulnerability in ActionView (Moderate): CVE-2020-5267 was published for actionview (RubyGems), Mar 19, 2020
HTTP Response Splitting (Early Hints) in Puma (Moderate): CVE-2020-5249 was published for puma (RubyGems), Mar 3, 2020
HTTP Response Splitting in Puma (Moderate): CVE-2020-5247 was published for puma (RubyGems), Feb 28, 2020
Denial of Service in uap-core when processing crafted User-Agent strings (Moderate): CVE-2020-5243 was published for uap-core (RubyGems), Feb 20, 2020
Directive injection when using dynamic overrides with user input (Moderate): CVE-2020-5217 was published for secure_headers (RubyGems), Jan 23, 2020
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers (Moderate): CVE-2020-5216 was published for secure_headers (RubyGems), Jan 23, 2020
Possible Information Leak / Session Hijack Vulnerability in Rack (Moderate): CVE-2019-16782 was published for rack (RubyGems), Dec 18, 2019
In RubyGem excon, interrupted Persistent Connections May Leak Response Data (Moderate): CVE-2019-16779 was published for excon (RubyGems), Dec 16, 2019
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack (Moderate): CVE-2019-16770 was published for puma (RubyGems), Dec 5, 2019
The rack-cors rubygem may allow directory traversal (Moderate): CVE-2019-18978 was published for rack-cors (RubyGems), Nov 15, 2019
Loofah Allows Cross-site Scripting (Moderate): CVE-2019-15587 was published for loofah (RubyGems), Nov 5, 2019
Haml vulnerable to cross-site scripting (Moderate): CVE-2017-1002201 was published for haml (RubyGems), Oct 21, 2019
Cross-site scripting in padrino-contrib (Moderate): CVE-2019-16145 was published for padrino-contrib (RubyGems), Sep 23, 2019
Authentication Bypass in Devise (Moderate): CVE-2019-16109 was published for devise (RubyGems), Sep 11, 2019
Cross-site scripting in fat_free_crm (Moderate): CVE-2018-20975 was published for fat_free_crm (RubyGems), Aug 21, 2019
ProTip! Advisories are also available from the GraphQL API.