GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
417 advisories
Filter by severity
devise Time-of-check Time-of-use Race Condition vulnerability
Moderate
CVE-2019-5421
was published
for
devise
(RubyGems)
Mar 19, 2019
paperclip Cross-site Scripting vulnerability
Moderate
CVE-2015-2963
was published
for
paperclip
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7578
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
The rack-cors rubygem may allow directory traveral
Moderate
CVE-2019-18978
was published
for
rack-cors
(RubyGems)
Nov 15, 2019
Cross-site Scripting in Chartkick
Moderate
CVE-2019-12732
was published
for
chartkick
(RubyGems)
Jun 7, 2019
Publify Core does not strip metadata from images
Moderate
CVE-2022-2815
was published
for
publify_core
(RubyGems)
Jan 14, 2023
activesupport vulnerable to Denial of Service via large XML document depth
Moderate
CVE-2015-3227
was published
for
activesupport
(RubyGems)
Oct 24, 2017
private_address_check vulnerable to bypass of Resolv.getaddresses method
Moderate
CVE-2017-0904
was published
for
private_address_check
(RubyGems)
Nov 29, 2017
Loofah Cross-site Scripting vulnerability
Moderate
CVE-2018-16468
was published
for
loofah
(RubyGems)
Nov 1, 2018
Fat Free CRM subject to Cross-site Scripting
Moderate
CVE-2014-5441
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information
Moderate
CVE-2013-7249
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to SQL Injection
Moderate
CVE-2013-7225
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Moderate
CVE-2013-7224
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Moderate
CVE-2013-7223
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
XML Injection in Xerces Java affects Nokogiri
Moderate
GHSA-xxx9-3xcr-gjj3
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Withdrawn: HTTP Request Smuggling in Agoo
Moderate
CVE-2020-7670
was published
for
agoo
(RubyGems)
Oct 20, 2020
•
withdrawn
Moderate severity vulnerability that affects sprockets
Moderate
GHSA-r4x3-g983-9g48
was published
for
sprockets
(RubyGems)
Oct 10, 2018
•
withdrawn
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-m53f-rhq8-q6hf
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects paperclip
Moderate
GHSA-phmw-pv3f-vvx7
was published
for
paperclip
(RubyGems)
Aug 13, 2018
•
withdrawn
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-qf5x-qgx7-437h
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects web-console
Moderate
GHSA-82x2-g7vr-39wq
was published
for
web-console
(RubyGems)
Aug 13, 2018
•
withdrawn
CSS Injection in Chartkick gem
Moderate
CVE-2020-16254
was published
for
chartkick
(RubyGems)
Aug 12, 2020
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-vwfg-qj3r-6v3r
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects doorkeeper
Moderate
GHSA-5p9f-55j8-922m
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
•
withdrawn
Moderate severity vulnerability that affects rails-html-sanitizer
Moderate
GHSA-mrhj-2g4v-39qx
was published
for
rails-html-sanitizer
(RubyGems)
Sep 17, 2018
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API