GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 4,134; Erlang 29; GitHub Actions 19; Go 1,941; Maven 5,000+; npm 3,681; NuGet 650; pip 3,298; Pub 11; RubyGems 877; Rust 830; Swift 35. Unreviewed advisories: 5,000+.

417 advisories match the current filter (RubyGems ecosystem, Moderate severity). Each entry below gives the advisory title, then severity, identifier, affected package, publication date and whether the advisory has since been withdrawn.
Devise-Two-Factor vulnerable to brute force attacks
  Moderate | CVE-2024-0227 | devise-two-factor (RubyGems) | published Jan 12, 2024 | withdrawn

Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
  Moderate | GHSA-xc9x-jj77-9p9j | nokogiri (RubyGems) | published Feb 5, 2024

ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
  Moderate | CVE-2024-28862 | rotp (RubyGems) | published Mar 18, 2024

Use-after-free in libxml2 via Nokogiri::XML::Reader
  Moderate | GHSA-vcc3-rw6f-jv97 | nokogiri (RubyGems) | published Mar 18, 2024

json-jwt allows bypass of identity checks via a sign/encryption confusion attack
  Moderate | CVE-2023-51774 | json-jwt (RubyGems) | published Feb 29, 2024

Rack CORS Middleware has Insecure File Permissions
  Moderate | CVE-2024-27456 | rack-cors (RubyGems) | published Feb 26, 2024

Sisimai Inefficient Regular Expression Complexity vulnerability
  Moderate | CVE-2022-4891 | sisimai (RubyGems) | published Jan 17, 2023

Oxidized Web vulnerable to Cross-site Scripting
  Moderate | CVE-2019-25088 | oxidized-web (RubyGems) | published Dec 27, 2022

Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability
  Moderate | CVE-2019-10226 | fat_free_crm (RubyGems) | published May 24, 2022 | withdrawn

Cross-site scripting (XSS) in the dynamic file uploads
  Moderate | CVE-2023-51447 | decidim (RubyGems) | published Feb 20, 2024

Possible CSRF attack at questionnaire templates preview
  Moderate | CVE-2023-47635 | decidim-templates (RubyGems) | published Feb 20, 2024

Possibility to circumvent the invitation token expiry period
  Moderate | CVE-2023-48220 | decidim (RubyGems) | published Feb 20, 2024

actionpack Open Redirect in Host Authorization Middleware
  Moderate | CVE-2021-44528 | actionpack (RubyGems) | published Dec 14, 2021

Chef Improper Access Control vulnerability
  Moderate | CVE-2010-5142 | chef (RubyGems) | published May 17, 2022

Denial of Service in uap-core when processing crafted User-Agent strings
  Moderate | CVE-2020-5243 | uap-core (RubyGems) | published Feb 20, 2020

Puppet Arbitrary Command Execution
  Moderate | CVE-2012-1988 | puppet (RubyGems) | published May 14, 2022

Open Redirect in ActionPack
  Moderate | CVE-2021-22942 | actionpack (RubyGems) | published Aug 26, 2021

Rails::Html::Sanitizer vulnerable to Cross-site Scripting
  Moderate | CVE-2022-32209 | rails-html-sanitizer (RubyGems) | published Jun 25, 2022

Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability
  Moderate | GHSA-g47j-3m2m-74qv | httparty (RubyGems) | published Jan 4, 2024 | withdrawn

Resque vulnerable to Reflected Cross Site Scripting through pathnames
  Moderate | CVE-2023-50724 | resque (RubyGems) | published Dec 18, 2023

Puppet does not properly restrict access to node resources
  Moderate | CVE-2011-0528 | puppet (RubyGems) | published May 14, 2022

Puppet uses predictable filenames, allowing arbitrary file overwrite
  Moderate | CVE-2011-3871 | puppet (RubyGems) | published May 14, 2022

Puppet allows local users to modify the permissions of arbitrary files
  Moderate | CVE-2011-3870 | puppet (RubyGems) | published May 14, 2022

Puppet arbitrary file overwrite
  Moderate | CVE-2011-3869 | puppet (RubyGems) | published May 14, 2022

Cross-site scripting (XSS) in Action messages on Avo
  Moderate | CVE-2024-22411 | avo (RubyGems) | published Jan 17, 2024
Advisories are also available from the GraphQL API.
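The following Ruby script is an added example, not code from the GitHub Advisory Database page or from GitHub. It pulls the same listing (RubyGems ecosystem, Moderate severity) through the GitHub GraphQL API and flattens each advisory into the fields the web page shows: title, severity, the CVE id when one is assigned (otherwise the GHSA id), package, publication date and the withdrawn flag. The `securityVulnerabilities` connection, its `ecosystem`/`severities` arguments and the advisory fields used in the query are assumed from the public GitHub GraphQL schema as the author of this example knows it; `SAMPLE_RESPONSE` is constructed by hand so the script runs offline, and its GHSA id for devise-two-factor, its timestamps and its `withdrawnAt` value are placeholders rather than values taken from GitHub.

```ruby
# Added example (not from the GitHub Advisory Database page or from GitHub):
# fetch the RubyGems / Moderate listing via the GitHub GraphQL API and flatten
# each advisory into the fields the web page shows.
#
# Assumption: the securityVulnerabilities connection, its ecosystem/severities
# arguments and the advisory fields below are as the author knows the public
# GitHub GraphQL schema. SAMPLE_RESPONSE is constructed for an offline run.
require "date"
require "json"
require "net/http"
require "uri"

QUERY = <<~GRAPHQL
  query($cursor: String) {
    securityVulnerabilities(first: 100, after: $cursor,
                            ecosystem: RUBYGEMS, severities: [MODERATE]) {
      pageInfo { hasNextPage endCursor }
      nodes {
        severity
        package { name ecosystem }
        advisory { ghsaId summary publishedAt withdrawnAt identifiers { type value } }
      }
    }
  }
GRAPHQL

# Display names for ecosystem enum values; anything else falls back to capitalize.
ECOSYSTEM_LABELS = { "RUBYGEMS" => "RubyGems", "NPM" => "npm", "PIP" => "pip" }.freeze

# The web listing shows the CVE id when one is assigned, otherwise the GHSA id.
def preferred_id(advisory)
  cve = advisory["identifiers"].find { |i| i["type"] == "CVE" }
  cve ? cve["value"] : advisory["ghsaId"]
end

# Flatten one securityVulnerabilities node into the fields shown on the page.
def row_for(node)
  adv = node["advisory"]
  eco = node["package"]["ecosystem"]
  {
    title:     adv["summary"],
    severity:  node["severity"].capitalize,
    id:        preferred_id(adv),
    package:   "#{node["package"]["name"]} (#{ECOSYSTEM_LABELS.fetch(eco) { eco.capitalize }})",
    published: Date.parse(adv["publishedAt"]).strftime("%b %-d, %Y"),
    withdrawn: !adv["withdrawnAt"].nil?,
  }
end

def rows_from_response(json)
  json.dig("data", "securityVulnerabilities", "nodes").map { |n| row_for(n) }
end

# Withdrawn advisories stay in the feed; drop them before acting on the list.
def active_rows(rows)
  rows.reject { |r| r[:withdrawn] }
end

def render(row)
  meta = "#{row[:severity]} | #{row[:id]} | #{row[:package]} | published #{row[:published]}"
  meta += " | withdrawn" if row[:withdrawn]
  "#{row[:title]}\n  #{meta}"
end

# Live fetch (not exercised offline): walks the cursor until hasNextPage is false.
def fetch_all(token)
  uri = URI("https://api.github.com/graphql")
  rows = []
  cursor = nil
  loop do
    req = Net::HTTP::Post.new(uri, "Authorization" => "Bearer #{token}",
                                   "Content-Type" => "application/json")
    req.body = JSON.generate(query: QUERY, variables: { cursor: cursor })
    res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
    body = JSON.parse(res.body)
    raise "GraphQL error: #{body["errors"]}" if body["errors"]
    rows.concat(rows_from_response(body))
    page = body.dig("data", "securityVulnerabilities", "pageInfo")
    break unless page["hasNextPage"]
    cursor = page["endCursor"]
  end
  rows
end

# Constructed sample response: two entries from the page, one withdrawn CVE and
# one GHSA-only advisory. The devise-two-factor ghsaId, the times of day and the
# withdrawnAt value are placeholders, not data taken from GitHub.
SAMPLE_RESPONSE = JSON.parse(<<~JSON)
  {"data":{"securityVulnerabilities":{
    "pageInfo":{"hasNextPage":false,"endCursor":null},
    "nodes":[
      {"severity":"MODERATE",
       "package":{"name":"devise-two-factor","ecosystem":"RUBYGEMS"},
       "advisory":{"ghsaId":"GHSA-0000-0000-0000",
                   "summary":"Devise-Two-Factor vulnerable to brute force attacks",
                   "publishedAt":"2024-01-12T00:00:00Z","withdrawnAt":"2024-01-13T00:00:00Z",
                   "identifiers":[{"type":"GHSA","value":"GHSA-0000-0000-0000"},
                                  {"type":"CVE","value":"CVE-2024-0227"}]}},
      {"severity":"MODERATE",
       "package":{"name":"nokogiri","ecosystem":"RUBYGEMS"},
       "advisory":{"ghsaId":"GHSA-xc9x-jj77-9p9j",
                   "summary":"Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062",
                   "publishedAt":"2024-02-05T00:00:00Z","withdrawnAt":null,
                   "identifiers":[{"type":"GHSA","value":"GHSA-xc9x-jj77-9p9j"}]}}
    ]}}}
JSON

if __FILE__ == $PROGRAM_NAME
  rows_from_response(SAMPLE_RESPONSE).each { |r| puts render(r) }
end
```

For a live run call `fetch_all(ENV.fetch("GITHUB_TOKEN"))` instead of the sample; public advisories need no special token scopes. The `active_rows` filter matters in practice: withdrawn entries (such as the first sample row) remain in the feed with their original identifiers, so a naive consumer that keys on CVE id alone will keep flagging packages for advisories GitHub has retracted.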