
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

289 advisories

Advisory | Identifier | Package (RubyGems) | Published | Severity | Status
--- | --- | --- | --- | --- | ---
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie | CVE-2015-8314 | devise | Jan 26, 2023 | High | published
jruby-openssl gem for JRuby fails to do proper certificate validation | CVE-2009-4123 | jruby-openssl | Jan 19, 2023 | High | published
Denial of service via header parsing in Rack | CVE-2022-44570 | rack | Jan 18, 2023 | High | published
Rack has possible DoS Vulnerability in Multipart MIME parsing | CVE-2023-27530 | rack | Mar 8, 2023 | High | published
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection | GHSA-rqxc-9p8h-xqgq | activeadmin | Dec 24, 2023 | High | withdrawn
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs | GHSA-4553-hq82-8654 | encoded_id-rails | Jan 4, 2024 | High | withdrawn
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption | GHSA-c2v4-chx5-vff6 | commonmarker | Jan 4, 2024 | High | withdrawn
Potential CSV export data leak | CVE-2023-50448 | activeadmin | Dec 15, 2023 | High | published
Arbitrary Code Execution in Rdoc | CVE-2021-31799 | rdoc | Sep 1, 2021 | High | published
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption | CVE-2024-22051 | commonmarker | Mar 3, 2022 | High | published
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs | CVE-2024-0241 | encoded_id-rails | Oct 24, 2023 | High | published
Omniauth::MicrosoftGraph Account takeover (nOAuth) | CVE-2024-21632 | omniauth-microsoft_graph | Jan 3, 2024 | High | published
RedCloth Regular Expression Denial of Service issue | CVE-2023-31606 | RedCloth | Jun 6, 2023 | High | published
avo vulnerable to stored cross-site scripting (XSS) in key_value field | CVE-2024-22191 | avo | Jan 16, 2024 | High | published
Ruby Time component ReDoS issue | CVE-2023-28756 | time | Mar 31, 2023 | High | published
HTTP response splitting in CGI | CVE-2021-33621 | cgi | Nov 19, 2022 | High | published
Cookie Prefix Spoofing in CGI::Cookie.parse | CVE-2021-41819 | cgi | Jan 21, 2022 | High | published
Regular expression denial of service vulnerability (ReDoS) in date | CVE-2021-41817 | date | Nov 16, 2021 | High | published
hammer_cli_foreman Improper Certificate Validation vulnerability | CVE-2017-2667 | hammer_cli_foreman | May 13, 2022 | High | published
Exposure of information in Action Pack | CVE-2022-23633 | actionpack | Feb 11, 2022 | High | published
SQL Injection Vulnerability via ActiveRecord comments | CVE-2023-22794 | activerecord | Jan 18, 2023 | High | published
WEBrick Denial of Service Vulnerability | CVE-2008-4310 | webrick | May 2, 2022 | High | published
Denial of Service in jquery | CVE-2016-10707 | jQuery | Jan 22, 2018 | High | published
OmniAuth Ruby gem Cross-site Request Forgery in request phase | CVE-2015-9284 | omniauth | May 29, 2019 | High | published
XSS sidekiq-unique-jobs UI server vulnerability | CVE-2024-25122 | sidekiq-unique-jobs | Feb 13, 2024 | High | published