GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
877 advisories
Filter by severity
Puppet Bolt privilege escalation vulnerability
Critical
CVE-2023-5214
was published
for
bolt
(RubyGems)
Oct 6, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
Decidim has broken access control in templates
High
CVE-2023-36465
was published
for
decidim
(RubyGems)
Oct 5, 2023
Foreman Transpilation Enables OS Command Injection
Critical
CVE-2022-3874
was published
for
foreman
(RubyGems)
Sep 22, 2023
•
withdrawn
sidekiq Denial of Service vulnerability
Moderate
CVE-2023-26141
was published
for
sidekiq
(RubyGems)
Sep 14, 2023
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
High
CVE-2023-4785
was published
for
grpc
(RubyGems)
Sep 13, 2023
Active Support Possibly Discloses Locally Encrypted Files
Low
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
GHSA-7vh7-fw88-wj87
was published
for
commonmarker
(RubyGems)
Aug 8, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2023-38697
was published
for
protocol-http1
(RubyGems)
Aug 3, 2023
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
High
CVE-2023-38337
was published
for
rswag
(RubyGems)
Jul 15, 2023
Decidim Cross-site Scripting vulnerability in the external link redirections
Moderate
CVE-2023-32693
was published
for
decidim
(RubyGems)
Jul 11, 2023
Decidim Cross-site Scripting vulnerability in the processes filter
High
CVE-2023-34089
was published
for
decidim
(RubyGems)
Jul 11, 2023
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
gRPC connection termination issue
Moderate
CVE-2023-32732
was published
for
grpc
(RubyGems)
Jul 6, 2023
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
CVE-2023-36823
was published
for
sanitize
(RubyGems)
Jul 6, 2023
URI gem has ReDoS vulnerability
Moderate
CVE-2023-36617
was published
for
uri
(RubyGems)
Jun 29, 2023
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
Moderate
CVE-2023-28362
was published
for
actionpack
(RubyGems)
Jun 29, 2023
Spina Cross-site Scripting vulnerability
Low
CVE-2023-3445
was published
for
spina
(RubyGems)
Jun 28, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Doorkeeper Improper Authentication vulnerability
Moderate
CVE-2023-34246
was published
for
doorkeeper
(RubyGems)
Jun 12, 2023
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
Moderate
CVE-2023-23913
was published
for
actionview
(RubyGems)
Jun 9, 2023
ProTip!
Advisories are also available from the
GraphQL API