Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
RubyGems Regular Expression Denial of Service Moderate
CVE-2013-4363 was published for rubygems-update (RubyGems) May 17, 2022
RubyGems Improper Input Validation vulnerability Moderate
CVE-2015-4020 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
ccsv Double Free vulnerability Moderate
CVE-2017-15364 was published for ccsv (RubyGems) May 17, 2022
Sup Code Injection vulnerability Moderate
CVE-2013-4479 was published for sup (RubyGems) May 17, 2022
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed Moderate
CVE-2013-4489 was published for gitlab-grit (RubyGems) May 17, 2022
postmodern
RubyGems does not verify SSL certificate Moderate
CVE-2012-2126 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
RubyGems HTTPS to HTTP redirect Moderate
CVE-2012-2125 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
Fat Free CRM has fixed token value Moderate
CVE-2013-7222 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information Moderate
CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
Sup Code Injection vulnerability Moderate
CVE-2013-4478 was published for sup (RubyGems) May 17, 2022
Rack Gem Subject to Denial of Service via Hash Collisions Moderate
CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems) May 17, 2022
Rack-Cache caches sensitive headers Moderate
CVE-2012-2671 was published for rack-cache (RubyGems) May 17, 2022
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles Moderate
CVE-2013-2506 was published for spree_auth_devise (RubyGems) May 17, 2022
Chef Improper Access Control vulnerability Moderate
CVE-2010-5142 was published for chef (RubyGems) May 17, 2022
Spree uses a hardcoded hash value Moderate
CVE-2008-7311 was published for spree (RubyGems) May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes Moderate
CVE-2008-7310 was published for spree (RubyGems) May 17, 2022
openshift-origin-node Improper Input Validation vulnerability Moderate
CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability Moderate
CVE-2019-10226 was published for fat_free_crm (RubyGems) May 24, 2022 withdrawn
steveyken
Devise Token Auth vulnerable to Cross-site Scripting Moderate
CVE-2019-16751 was published for devise_token_auth (RubyGems) May 24, 2022
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing Moderate
CVE-2021-3537 was published for nokogiri (RubyGems) May 24, 2022
ProTip! Advisories are also available from the GraphQL API