GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,967; Erlang 29; GitHub Actions 16; Go 1,748; Maven 4,978; npm 3,509; NuGet 609; pip 3,075; Pub 10; RubyGems 832; Rust 781; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
289 advisories

Advisory | Severity | CVE | Package (ecosystem) | Published
RubyGems Deserialization of Untrusted Data vulnerability | High | CVE-2018-1000074 | org.jruby:jruby-stdlib (RubyGems) | May 14, 2022
RubyGems Infinite Loop vulnerability | High | CVE-2018-1000075 | org.jruby:jruby-stdlib (RubyGems) | May 13, 2022
RubyGems Link Following vulnerability | High | CVE-2018-1000073 | org.jruby:jruby-stdlib (RubyGems) | May 13, 2022
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation | High | CVE-2019-7615 | elastic-apm (RubyGems) | May 24, 2022
Camaleon CMS Insufficient Session Expiration vulnerability | High | CVE-2021-25970 | camaleon_cms (RubyGems) | May 24, 2022
RubyGems may allow a maliciously crafted gem to overwrite files | High | CVE-2017-0901 | rubygems-update (RubyGems) | May 13, 2022
RubyGems has Origin Validation Error vulnerability | High | CVE-2017-0902 | rubygems-update (RubyGems) | May 13, 2022
libxslt Type Confusion vulnerability that affects Nokogiri | High | CVE-2019-13118 | nokogiri (RubyGems) | May 24, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack | High | CVE-2012-6685 | nokogiri (RubyGems) | Apr 23, 2022
mixlib-archive Path Traversal vulnerability | High | CVE-2017-1000026 | mixlib-archive (RubyGems) | May 13, 2022
Asciidoctor Infinite Loop vulnerability | High | CVE-2018-18385 | asciidoctor (RubyGems) | May 13, 2022
actionpack Improper Input Validation vulnerability | High | CVE-2013-0156 | actionpack (RubyGems) | Oct 24, 2017
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework | High | CVE-2023-0669 | metasploit-framework (RubyGems) | Feb 6, 2023 (withdrawn)
Katello SQL Injection vulnerabilities | High | CVE-2016-3072 | katello (RubyGems) | May 14, 2022
Sinatra vulnerable to Reflected File Download attack | High | CVE-2022-45442 | sinatra (RubyGems) | Nov 30, 2022
Unchecked return value from xmlTextReaderExpand | High | CVE-2022-23476 | nokogiri (RubyGems) | Dec 8, 2022
ruby-git has potential remote code execution vulnerability | High | CVE-2022-46648 | git (RubyGems) | Jan 9, 2023
Dependency Confusion in Bundler | High | CVE-2020-36327 | bundler (RubyGems) | May 24, 2021
Remote code execution in Kramdown | High | CVE-2021-28834 | kramdown (RubyGems) | Mar 29, 2021
Out-of-bounds read in nokogiri | High | CVE-2017-9050 | nokogiri (RubyGems) | Dec 13, 2017
TZInfo relative path traversal vulnerability allows loading of arbitrary files | High | CVE-2022-31163 | tzinfo (RubyGems) | Jul 21, 2022
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm | High | CVE-2022-39224 | arr-pm (RubyGems) | Sep 21, 2022
PgHero Allows Information Disclosure Through EXPLAIN Feature | High | CVE-2023-22626 | pghero (RubyGems) | Jan 5, 2023
Advisories are also available from the GraphQL API.