GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
417 advisories
Filter by severity
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
Moderate
CVE-2013-4170
was published
for
ember-source
(RubyGems)
Jul 1, 2022
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Moderate
CVE-2021-3779
was published
for
ruby-mysql
(RubyGems)
Jun 29, 2022
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Moderate
CVE-2022-32209
was published
for
rails-html-sanitizer
(RubyGems)
Jun 25, 2022
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Moderate
CVE-2022-31033
was published
for
mechanize
(RubyGems)
Jun 9, 2022
Use of Uninitialized Variable in trilogy
Moderate
CVE-2022-31026
was published
for
trilogy
(RubyGems)
Jun 6, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability
Moderate
CVE-2021-25969
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Cross site scripting in publify
Moderate
CVE-2021-25974
was published
for
publify_core
(RubyGems)
May 24, 2022
Cross site scripting in publify
Moderate
CVE-2021-25975
was published
for
publify_core
(RubyGems)
May 24, 2022
net-ldap has weak salt when generating passwords
Moderate
CVE-2014-0083
was published
for
net-ldap
(RubyGems)
May 24, 2022
Camaleon CMS vulnerable to Uncaught Exception
Moderate
CVE-2021-25971
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Camaleon CMS vulnerable to Server-Side Request Forgery
Moderate
CVE-2021-25972
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
apollo_upload_server has Denial of Service vulnerability
Moderate
CVE-2021-39880
was published
for
apollo_upload_server
(RubyGems)
May 24, 2022
Smashing Cross-site Scripting vulnerability
Moderate
CVE-2021-35440
was published
for
smashing
(RubyGems)
May 24, 2022
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing
Moderate
CVE-2021-3537
was published
for
nokogiri
(RubyGems)
May 24, 2022
Devise Token Auth vulnerable to Cross-site Scripting
Moderate
CVE-2019-16751
was published
for
devise_token_auth
(RubyGems)
May 24, 2022
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability
Moderate
CVE-2019-10226
was published
for
fat_free_crm
(RubyGems)
May 24, 2022
•
withdrawn
Publify has Improper Access Controls
Moderate
CVE-2022-1810
was published
for
publify_core
(RubyGems)
May 24, 2022
openshift-origin-node Improper Input Validation vulnerability
Moderate
CVE-2014-0084
was published
for
openshift-origin-node
(RubyGems)
May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes
Moderate
CVE-2008-7310
was published
for
spree
(RubyGems)
May 17, 2022
Spree uses a hardcoded hash value
Moderate
CVE-2008-7311
was published
for
spree
(RubyGems)
May 17, 2022
Chef Improper Access Control vulnerability
Moderate
CVE-2010-5142
was published
for
chef
(RubyGems)
May 17, 2022
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
Moderate
CVE-2013-2506
was published
for
spree_auth_devise
(RubyGems)
May 17, 2022
Rack-Cache caches sensitive headers
Moderate
CVE-2012-2671
was published
for
rack-cache
(RubyGems)
May 17, 2022
Rack Gem Subject to Denial of Service via Hash Collisions
Moderate
CVE-2011-5036
was published
for
org.jruby:jruby-parent
(RubyGems)
May 17, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4478
was published
for
sup
(RubyGems)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API