GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
417 advisories
Filter by severity
Publify contains Weak Password Requirements
Moderate
CVE-2023-0569
was published
for
publify_core
(RubyGems)
Jan 29, 2023
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Moderate
CVE-2023-23627
was published
for
sanitize
(RubyGems)
Jan 28, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
CVE-2015-2179
was published
for
xaviershay-dm-rails
(RubyGems)
Jan 26, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
GHSA-636f-xm5j-pj9m
was published
for
commonmarker
(RubyGems)
Jan 24, 2023
Open Redirect Vulnerability in Action Pack
Moderate
CVE-2023-22797
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Sisimai Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2022-4891
was published
for
sisimai
(RubyGems)
Jan 17, 2023
Publify Core does not strip metadata from images
Moderate
CVE-2022-2815
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Inline SVG vulnerable to Cross-site Scripting
Moderate
CVE-2020-36644
was published
for
inline_svg
(RubyGems)
Jan 7, 2023
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
keynote Cross-site Scripting vulnerability
Moderate
CVE-2017-20159
was published
for
keynote
(RubyGems)
Dec 31, 2022
Oxidized Web vulnerable to Cross-site Scripting
Moderate
CVE-2019-25088
was published
for
oxidized-web
(RubyGems)
Dec 27, 2022
text_helpers uses web link to untrusted target with window.opener access
Moderate
CVE-2020-36624
was published
for
text_helpers
(RubyGems)
Dec 22, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23520
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23519
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Moderate
CVE-2022-23518
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in Loofah
Moderate
CVE-2022-23515
was published
for
loofah
(RubyGems)
Dec 13, 2022
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate
GHSA-q7jc-v6f2-q9jr
was published
for
resque-scheduler
(RubyGems)
Dec 13, 2022
•
withdrawn
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Moderate
GHSA-2qc6-mcvw-92cw
was published
for
nokogiri
(RubyGems)
Oct 18, 2022
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Moderate
CVE-2022-39281
was published
for
fat_free_crm
(RubyGems)
Oct 7, 2022
protobuf-java has a potential Denial of Service issue
Moderate
CVE-2022-3171
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Oct 4, 2022
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Moderate
GHSA-4qw4-jpp4-8gvp
was published
for
commonmarker
(RubyGems)
Sep 21, 2022
update_by_case before 0.1.3 can be vulnerable to sql injection
Moderate
CVE-2022-35956
was published
for
update_by_case
(RubyGems)
Aug 11, 2022
administrate vulnerable to Cross-Site Request Forgery
Moderate
CVE-2016-3098
was published
for
administrate
(RubyGems)
Aug 6, 2022
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Moderate
CVE-2020-35305
was published
for
gollum
(RubyGems)
Jul 16, 2022
ProTip!
Advisories are also available from the
GraphQL API