GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Spina Cross-site Scripting vulnerability
Low
CVE-2023-3445
was published
for
spina
(RubyGems)
Jun 28, 2023
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Low
CVE-2023-30618
was published
for
kitchen-terraform
(RubyGems)
Apr 24, 2023
Insecure use of temporary files in Phusion passenger
Low
CVE-2014-1832
was published
for
passenger
(RubyGems)
Oct 10, 2018
Denial of Service Vulnerability in Rack Content-Disposition parsing
Low
CVE-2022-44571
was published
for
rack
(RubyGems)
Jan 18, 2023
Denial of service via multipart parsing in Rack
Low
CVE-2022-44572
was published
for
rack
(RubyGems)
Jan 18, 2023
ember-source Cross-site Scripting vulnerability
Low
CVE-2014-0046
was published
for
ember-source
(RubyGems)
Aug 28, 2018
ReDoS based DoS vulnerability in GlobalID
Low
CVE-2023-22799
was published
for
globalid
(RubyGems)
Jan 18, 2023
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Low
CVE-2014-0135
was published
for
kafo
(RubyGems)
May 17, 2022
RuboCop gem Insecure use of /tmp
Low
CVE-2017-8418
was published
for
rubocop
(RubyGems)
Nov 15, 2017
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Low
CVE-2014-1234
was published
for
paratrooper-newrelic
(RubyGems)
Oct 24, 2017
Active Support Possibly Discloses Locally Encrypted Files
Low
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
ReDoS based DoS vulnerability in Active Support's underscore
Low
CVE-2023-22796
was published
for
activesupport
(RubyGems)
Jan 18, 2023
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Low
CVE-2013-0162
was published
for
ruby_parser
(RubyGems)
May 5, 2022
Octopoller gem published with world-writable files
Low
CVE-2022-31071
was published
for
octopoller
(RubyGems)
Jun 15, 2022
Insecure use of temporary files in passenger
Low
CVE-2014-1831
was published
for
passenger
(RubyGems)
Oct 10, 2018
Local API Login Credentials Disclosure in paratrooper-pingdom
Low
CVE-2014-1233
was published
for
paratrooper-pingdom
(RubyGems)
Oct 24, 2017
Phusion Passenger allows remote attackers to spoof headers
Low
CVE-2015-7519
was published
for
passenger
(RubyGems)
Oct 10, 2018
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Low
CVE-2015-1426
was published
for
facter
(RubyGems)
May 14, 2022
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22795
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Puppet supports use of IP addresses in certnames without warning of potential risks
Low
CVE-2012-3408
was published
for
puppet
(RubyGems)
Oct 24, 2017
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Low
CVE-2022-31000
was published
for
solidus_backend
(RubyGems)
Jun 1, 2022
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Low
CVE-2021-41136
was published
for
puma
(RubyGems)
Oct 12, 2021
Gitaly Insufficient Session Expiration vulnerability
Low
CVE-2020-13353
was published
for
gitaly
(RubyGems)
May 24, 2022
Katello cleartext password storage issue
Low
CVE-2019-14825
was published
for
katello
(RubyGems)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API