GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

417 advisories

jQuery vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2011-4969 was published for jQuery (RubyGems) May 14, 2022
jhutchings1 klaudialax
RubyGems Regular Expression Denial of Service vulnerability Moderate
CVE-2013-4287 was published for rubygems-update (RubyGems) May 14, 2022
katello Cross-site Scripting vulnerability Moderate
CVE-2018-16887 was published for katello (RubyGems) May 14, 2022
RubyGems Improper Input Validation vulnerability Moderate
CVE-2018-1000077 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Cross-site Scripting vulnerability Moderate
CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite Moderate
CVE-2011-3871 was published for puppet (RubyGems) May 14, 2022
Puppet does not properly restrict access to node resources Moderate
CVE-2011-0528 was published for puppet (RubyGems) May 14, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite Moderate
CVE-2012-1906 was published for puppet (RubyGems) May 14, 2022
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
Puppet Privilege Escalation Moderate
CVE-2012-1053 was published for puppet (RubyGems) May 14, 2022
Authlogic Information Exposure vulnerability Moderate
CVE-2012-6497 was published for authlogic (RubyGems) May 14, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Tarball permission preservation in puppet Moderate
CVE-2017-10689 was published for puppet (RubyGems) May 13, 2022
BenK0lin
Logstash Logs Sensitive Information Moderate
CVE-2016-10362 was published for logstash-core (RubyGems) May 13, 2022
katello Improper Privilege Management vulnerability Moderate
CVE-2017-2662 was published for katello (RubyGems) May 13, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Gem in a Box vulnerable to Cross-site Scripting Moderate
CVE-2017-14506 was published for geminabox (RubyGems) May 13, 2022
Phusion Passenger information disclosure Moderate
CVE-2017-16355 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Camaleon CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2018-18260 was published for camaleon_cms (RubyGems) May 13, 2022
Bundler may install gems from a different source than expected Moderate
CVE-2013-0334 was published for bundler (RubyGems) May 5, 2022
jasnow
Rack arbitrary code execution via timing attack Moderate
CVE-2013-0263 was published for rack (RubyGems) May 5, 2022
jhutchings1
Rack vulnerable to Denial of Service Moderate
CVE-2013-0184 was published for rack (RubyGems) May 5, 2022