GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
427 advisories
Phusion Passenger information disclosure
Moderate
CVE-2017-16355
was published
for
passenger
(RubyGems)
May 13, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Bundler may install gems from a different source than expected
Moderate
CVE-2013-0334
was published
for
bundler
(RubyGems)
May 5, 2022
Rack arbitrary code execution via timing attack
Moderate
CVE-2013-0263
was published
for
rack
(RubyGems)
May 5, 2022
Features file injection vulnerability
Moderate
CVE-2013-4318
was published
for
features
(RubyGems)
May 5, 2022
Nokogiri vulnerable to DoS while parsing XML entities
Moderate
CVE-2013-6461
was published
for
nokogiri
(RubyGems)
May 5, 2022
Nokogiri vulnerable to DoS while parsing XML documents
Moderate
CVE-2013-6460
was published
for
nokogiri
(RubyGems)
May 5, 2022
XSS Vulnerability in Action View tag helpers
Moderate
CVE-2022-27777
was published
for
actionview
(RubyGems)
Apr 27, 2022
Cross-site Scripting Vulnerability in Action Pack
Moderate
CVE-2022-22577
was published
for
actionpack
(RubyGems)
Apr 27, 2022
Cross site scripting in actionpack Rubygem
Moderate
CVE-2011-1497
was published
for
actionpack
(RubyGems)
Apr 22, 2022
Buffer Overflow in yajl-ruby
Moderate
CVE-2022-24795
was published
for
yajl-ruby
(RubyGems)
Apr 5, 2022
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
Moderate
CVE-2021-43809
was published
for
bundler
(RubyGems)
Dec 8, 2021
ProTip!
Advisories are also available from the
GraphQL API