GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
288 advisories
Filter by severity
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection
High
GHSA-rqxc-9p8h-xqgq
was published
for
activeadmin
(RubyGems)
Dec 24, 2023
•
withdrawn
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High
GHSA-4553-hq82-8654
was published
for
encoded_id-rails
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
GHSA-c2v4-chx5-vff6
was published
for
commonmarker
(RubyGems)
Jan 4, 2024
•
withdrawn
Potential CSV export data leak
High
CVE-2023-50448
was published
for
activeadmin
(RubyGems)
Dec 15, 2023
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
CVE-2024-22051
was published
for
commonmarker
(RubyGems)
Mar 3, 2022
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High
CVE-2024-0241
was published
for
encoded_id-rails
(RubyGems)
Oct 24, 2023
Omniauth::MicrosoftGraph Account takeover (nOAuth)
High
CVE-2024-21632
was published
for
omniauth-microsoft_graph
(RubyGems)
Jan 3, 2024
RedCloth Regular Expression Denial of Service issue
High
CVE-2023-31606
was published
for
RedCloth
(RubyGems)
Jun 6, 2023
avo vulnerable to stored cross-site scripting (XSS) in key_value field
High
CVE-2024-22191
was published
for
avo
(RubyGems)
Jan 16, 2024
Cookie Prefix Spoofing in CGI::Cookie.parse
High
CVE-2021-41819
was published
for
cgi
(RubyGems)
Jan 21, 2022
Regular expression denial of service vulnerability (ReDoS) in date
High
CVE-2021-41817
was published
for
date
(RubyGems)
Nov 16, 2021
hammer_cli_foreman Improper Certificate Validation vulnerability
High
CVE-2017-2667
was published
for
hammer_cli_foreman
(RubyGems)
May 13, 2022
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
SQL Injection Vulnerability via ActiveRecord comments
High
CVE-2023-22794
was published
for
activerecord
(RubyGems)
Jan 18, 2023
WEBrick Denial of Service Vulnerability
High
CVE-2008-4310
was published
for
webrick
(RubyGems)
May 2, 2022
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
Path Traversal vulnerability that affects yard
High
CVE-2019-1020001
was published
for
yard
(RubyGems)
Jul 2, 2019
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
High
CVE-2024-28199
was published
for
phlex
(RubyGems)
Mar 12, 2024
ProTip!
Advisories are also available from the
GraphQL API