GitHub Advisory Database
Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem (all reviewed: 5,000+): Composer 4,134; Erlang 29; GitHub Actions 19; Go 1,941; Maven 5,000+; npm 3,681; NuGet 650; pip 3,298; Pub 11; RubyGems 877; Rust 830; Swift 35.
Unreviewed advisories (all unreviewed): 5,000+.
417 advisories match the current filter; every entry listed below is a GitHub reviewed RubyGems advisory of Moderate severity.
Summary | Severity | Identifier | Package (ecosystem) | Published
Features file injection vulnerability | Moderate | CVE-2013-4318 | features (RubyGems) | May 5, 2022
Nokogiri vulnerable to DoS while parsing XML documents | Moderate | CVE-2013-6460 | nokogiri (RubyGems) | May 5, 2022
Nokogiri vulnerable to DoS while parsing XML entities | Moderate | CVE-2013-6461 | nokogiri (RubyGems) | May 5, 2022
Mongrel vulnerable to directory traversal via double-encoded sequences | Moderate | CVE-2007-6612 | mongrel (RubyGems) | May 1, 2022
RubyGems file overwrite vulnerability | Moderate | CVE-2007-0469 | rubygems-update (RubyGems) | May 1, 2022
XSS Vulnerability in Action View tag helpers | Moderate | CVE-2022-27777 | actionview (RubyGems) | Apr 27, 2022
Cross-site Scripting Vulnerability in Action Pack | Moderate | CVE-2022-22577 | actionpack (RubyGems) | Apr 27, 2022
Cross site scripting in actionpack Rubygem | Moderate | CVE-2011-1497 | actionpack (RubyGems) | Apr 22, 2022
XML Injection in Xerces Java affects Nokogiri | Moderate | GHSA-xxx9-3xcr-gjj3 | nokogiri (RubyGems) | Apr 11, 2022
Improper one time password handling in devise-two-factor | Moderate | CVE-2021-43177 | devise-two-factor (RubyGems) | Apr 7, 2022
Buffer Overflow in yajl-ruby | Moderate | CVE-2022-24795 | yajl-ruby (RubyGems) | Apr 5, 2022
Hub Package Arbitrary File Overwrite | Moderate | CVE-2014-0177 | github.com/github/hub (RubyGems) | Feb 15, 2022
CSRF forgery protection bypass in solidus_frontend | Moderate | CVE-2021-43846 | solidus_frontend (RubyGems) | Jan 6, 2022
Path traversal when MessageBus::Diagnostics is enabled | Moderate | CVE-2021-43840 | message_bus (RubyGems) | Dec 17, 2021
actionpack Open Redirect in Host Authorization Middleware | Moderate | CVE-2021-44528 | actionpack (RubyGems) | Dec 14, 2021
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile | Moderate | CVE-2021-43809 | bundler (RubyGems) | Dec 8, 2021
Silent Configuration Failure in Puppet Agent | Moderate | CVE-2021-27025 | puppet (RubyGems) | Dec 2, 2021
Unsafe HTTP Redirect in Puppet Agent and Puppet Server | Moderate | CVE-2021-27023 | puppet (RubyGems) | Dec 2, 2021
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application | Moderate | CVE-2021-41263 | rails_multisite (RubyGems) | Nov 15, 2021
Publify `guest` role users can self-register even when the admin does not allow it | Moderate | CVE-2021-25973 | publify_core (RubyGems) | Nov 3, 2021
ReDoS vulnerability in parser_apache2 | Moderate | CVE-2021-41186 | fluentd (RubyGems) | Nov 1, 2021
XSS in `*Text` options of the Datepicker widget in jquery-ui | Moderate | CVE-2021-41183 | jQuery.UI.Combined (RubyGems) | Oct 26, 2021
XSS in the `of` option of the `.position()` util in jquery-ui | Moderate | CVE-2021-41184 | jQuery.UI.Combined (RubyGems) | Oct 26, 2021
XSS in the `altField` option of the Datepicker widget in jquery-ui | Moderate | CVE-2021-41182 | jQuery.UI.Combined (RubyGems) | Oct 26, 2021
Cross-site Scripting in Sidekiq | Moderate | CVE-2021-30151 | sidekiq (RubyGems) | Oct 6, 2021
ProTip: advisories are also available from the GraphQL API.
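As an added example, not code from the advisory database page or from GitHub's own tooling: a Ruby script that pulls the same slice this listing shows (RubyGems ecosystem, Moderate severity) through the GraphQL API the tip refers to, flattens each node into the listing's fields, and then checks pinned gem versions against the vulnerable ranges the API returns but the listing omits. The query uses the `securityVulnerabilities` connection and field names from GitHub's public GraphQL schema as I know them; the embedded sample response is constructed, and its version ranges, patched versions, timestamps and the `GHSA-0000-0000-0000` placeholder are illustrative rather than the advisories' real data.

```ruby
require "json"
require "net/http"
require "uri"
require "rubygems"

# Same slice the listing page shows: RubyGems ecosystem, Moderate severity.
# Single-quoted heredoc so the GraphQL "$cursor" variable is not interpolated.
ADVISORY_QUERY = <<~'GRAPHQL'
  query($cursor: String) {
    securityVulnerabilities(ecosystem: RUBYGEMS, severities: [MODERATE],
                            first: 100, after: $cursor) {
      pageInfo { hasNextPage endCursor }
      nodes {
        advisory { ghsaId summary severity publishedAt identifiers { type value } }
        package { name ecosystem }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
      }
    }
  }
GRAPHQL

# POST one page of the query to api.github.com (network; needs a token).
def fetch_page(token, cursor = nil)
  uri = URI("https://api.github.com/graphql")
  req = Net::HTTP::Post.new(uri, "Content-Type" => "application/json",
                                 "Authorization" => "Bearer #{token}")
  req.body = JSON.generate(query: ADVISORY_QUERY, variables: { cursor: cursor })
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
  raise "GraphQL request failed: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  JSON.parse(res.body)
end

# Flatten a response into rows carrying the listing's fields plus the
# vulnerable range and first patched version, which the listing omits.
def parse_vulnerabilities(response)
  response.dig("data", "securityVulnerabilities", "nodes").map do |node|
    adv = node["advisory"]
    cve = adv["identifiers"].find { |i| i["type"] == "CVE" }
    {
      summary:   adv["summary"],
      severity:  adv["severity"],
      id:        cve ? cve["value"] : adv["ghsaId"], # GHSA id when no CVE, as the listing does
      package:   node["package"]["name"],
      ecosystem: node["package"]["ecosystem"],
      published: adv["publishedAt"][0, 10],
      range:     node["vulnerableVersionRange"],
      patched:   node.dig("firstPatchedVersion", "identifier"),
    }
  end
end

# GitHub ranges look like "< 6.1.5.1" or ">= 6.0.0, < 6.1.5.1"; each
# comma-separated clause is a Gem::Requirement operator.
def affected?(range, version)
  clauses = range.split(",").map(&:strip)
  Gem::Requirement.new(*clauses).satisfied_by?(Gem::Version.new(version))
end

# locked is {gem name => pinned version}, e.g. read from a Gemfile.lock.
# Returns [name, version, advisory id] for every pinned gem inside a range.
def affected_gems(rows, locked)
  rows.select { |r| locked.key?(r[:package]) && affected?(r[:range], locked[r[:package]]) }
      .map { |r| [r[:package], locked[r[:package]], r[:id]] }
end

# Constructed sample response. Summaries, dates and ids match two listing
# entries; ranges, patched versions, times and the GHSA placeholder are illustrative.
SAMPLE_RESPONSE = {
  "data" => { "securityVulnerabilities" => {
    "pageInfo" => { "hasNextPage" => false, "endCursor" => nil },
    "nodes" => [
      { "advisory" => { "ghsaId" => "GHSA-0000-0000-0000",
                        "summary" => "XSS Vulnerability in Action View tag helpers",
                        "severity" => "MODERATE", "publishedAt" => "2022-04-27T21:38:54Z",
                        "identifiers" => [{ "type" => "GHSA", "value" => "GHSA-0000-0000-0000" },
                                          { "type" => "CVE", "value" => "CVE-2022-27777" }] },
        "package" => { "name" => "actionview", "ecosystem" => "RUBYGEMS" },
        "vulnerableVersionRange" => ">= 6.0.0, < 6.1.5.1",
        "firstPatchedVersion" => { "identifier" => "6.1.5.1" } },
      { "advisory" => { "ghsaId" => "GHSA-xxx9-3xcr-gjj3",
                        "summary" => "XML Injection in Xerces Java affects Nokogiri",
                        "severity" => "MODERATE", "publishedAt" => "2022-04-11T21:14:34Z",
                        "identifiers" => [{ "type" => "GHSA", "value" => "GHSA-xxx9-3xcr-gjj3" }] },
        "package" => { "name" => "nokogiri", "ecosystem" => "RUBYGEMS" },
        "vulnerableVersionRange" => "< 1.13.4",
        "firstPatchedVersion" => { "identifier" => "1.13.4" } }
    ] } }
}

if __FILE__ == $0
  # With GITHUB_TOKEN set this queries the live API; otherwise it uses the sample.
  response = ENV["GITHUB_TOKEN"] ? fetch_page(ENV["GITHUB_TOKEN"]) : SAMPLE_RESPONSE
  rows = parse_vulnerabilities(response)
  rows.each { |r| puts [r[:summary], r[:severity], r[:id], "#{r[:package]} (#{r[:ecosystem]})", r[:published], r[:range]].join(" | ") }
  # constructed lock data: actionview is inside the range, nokogiri is already at the patched version
  p affected_gems(rows, { "actionview" => "6.1.4", "nokogiri" => "1.13.4" })
end
```

The script pages with `after: $cursor` but fetches only the first page; loop on `pageInfo.hasNextPage`/`endCursor` to walk all 417 entries. Checking pins through `Gem::Requirement` rather than string comparison matters because Rails-style four-segment versions such as `6.1.5.1` do not sort lexically.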