GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
891 advisories
Filter by severity
net-ldap Improper Certificate Validation vulnerability
Moderate
CVE-2017-17718
was published
for
net-ldap
(RubyGems)
Jan 6, 2018
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Moderate
CVE-2022-39281
was published
for
fat_free_crm
(RubyGems)
Oct 7, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
Duplicate Advisory: Moderate severity vulnerability that affects activemodel
Moderate
GHSA-v543-gqhh-6gww
was published
for
activemodel
(RubyGems)
Sep 17, 2018
•
withdrawn
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
Out-of-bounds read in nokogiri
High
CVE-2017-9050
was published
for
nokogiri
(RubyGems)
Dec 13, 2017
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
Improper Certificate Validation in twitter-stream
Moderate
CVE-2020-24392
was published
for
twitter-stream
(RubyGems)
Mar 29, 2021
Dependency Confusion in Bundler
High
CVE-2020-36327
was published
for
bundler
(RubyGems)
May 24, 2021
ruby-git has potential remote code execution vulnerability
High
CVE-2022-46648
was published
for
git
(RubyGems)
Jan 9, 2023
Unchecked return value from xmlTextReaderExpand
High
CVE-2022-23476
was published
for
nokogiri
(RubyGems)
Dec 8, 2022
Active Record RCE bug with Serialized Columns
Critical
CVE-2022-32224
was published
for
activerecord
(RubyGems)
Jul 12, 2022
text_helpers uses web link to untrusted target with window.opener access
Moderate
CVE-2020-36624
was published
for
text_helpers
(RubyGems)
Dec 22, 2022
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
Radiant CMS vulnerable to Cross-site Scripting
Moderate
CVE-2018-5216
was published
for
radiant
(RubyGems)
Jan 6, 2018
Cross site scripting vulnerability in ActionView
Moderate
CVE-2020-5267
was published
for
actionview
(RubyGems)
Mar 19, 2020
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
Katello SQL Injection vulnerabilities
High
CVE-2016-3072
was published
for
katello
(RubyGems)
May 14, 2022
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Moderate
CVE-2023-23627
was published
for
sanitize
(RubyGems)
Jan 28, 2023
Rack arbitrary code execution via timing attack
Moderate
CVE-2013-0263
was published
for
rack
(RubyGems)
May 5, 2022
Katello cleartext password storage issue
Low
CVE-2019-14825
was published
for
katello
(RubyGems)
May 24, 2022
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
High
CVE-2023-0669
was published
for
metasploit-framework
(RubyGems)
Feb 6, 2023
•
withdrawn
actionpack Improper Input Validation vulnerability
High
CVE-2013-0156
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API