GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
417 advisories
Filter by severity
jQuery vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2011-4969
was published
for
jQuery
(RubyGems)
May 14, 2022
RubyGems Regular Expression Denial of Service vulnerability
Moderate
CVE-2013-4287
was published
for
rubygems-update
(RubyGems)
May 14, 2022
katello Cross-site Scripting vulnerability
Moderate
CVE-2018-16887
was published
for
katello
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2018-1000077
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems Cross-site Scripting vulnerability
Moderate
CVE-2018-1000078
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite
Moderate
CVE-2011-3871
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet does not properly restrict access to node resources
Moderate
CVE-2011-0528
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet arbitrary file overwrite
Moderate
CVE-2011-3869
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files
Moderate
CVE-2011-3870
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite
Moderate
CVE-2012-1906
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet Arbitrary Command Execution
Moderate
CVE-2012-1988
was published
for
puppet
(RubyGems)
May 14, 2022
Puppet Privilege Escallation
Moderate
CVE-2012-1053
was published
for
puppet
(RubyGems)
May 14, 2022
Authlogic Information Exposure vulnerability
Moderate
CVE-2012-6497
was published
for
authlogic
(RubyGems)
May 14, 2022
Phusion Passenger incorrect permission assignment
Moderate
CVE-2018-12615
was published
for
passenger
(RubyGems)
May 13, 2022
Tarball permission preservation in puppet
Moderate
CVE-2017-10689
was published
for
puppet
(RubyGems)
May 13, 2022
Logstash Logs Sensitive Information
Moderate
CVE-2016-10362
was published
for
logstash-core
(RubyGems)
May 13, 2022
katello Improper Privilege Management vulnerability
Moderate
CVE-2017-2662
was published
for
katello
(RubyGems)
May 13, 2022
katello SQL Injection vulnerability
Moderate
CVE-2018-14623
was published
for
katello
(RubyGems)
May 13, 2022
Gem in a Box vulnerable to Cross-site Scripting
Moderate
CVE-2017-14506
was published
for
geminabox
(RubyGems)
May 13, 2022
Phusion Passenger information disclosure
Moderate
CVE-2017-16355
was published
for
passenger
(RubyGems)
May 13, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Camaleon CMS vulnerable to Stored Cross-site Scripting
Moderate
CVE-2018-18260
was published
for
camaleon_cms
(RubyGems)
May 13, 2022
Bundler may install gems from a different source than expected
Moderate
CVE-2013-0334
was published
for
bundler
(RubyGems)
May 5, 2022
Rack arbitrary code execution via timing attack
Moderate
CVE-2013-0263
was published
for
rack
(RubyGems)
May 5, 2022
Rack vulnerable to Denial of Service
Moderate
CVE-2013-0184
was published
for
rack
(RubyGems)
May 5, 2022
ProTip!
Advisories are also available from the
GraphQL API