GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
389 advisories
Filter by severity
RubyGems Regular Expression Denial of Service
Moderate
CVE-2013-4363
was published
for
rubygems-update
(RubyGems)
May 17, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2015-4020
was published
for
rubygems-update
(RubyGems)
May 17, 2022
ccsv Double Free vulnerability
Moderate
CVE-2017-15364
was published
for
ccsv
(RubyGems)
May 17, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4479
was published
for
sup
(RubyGems)
May 17, 2022
Fat Free CRM subject to Cross-site Scripting
Moderate
CVE-2014-5441
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed
Moderate
CVE-2013-4489
was published
for
gitlab-grit
(RubyGems)
May 17, 2022
RubyGems does not verify SSL certificate
Moderate
CVE-2012-2126
was published
for
rubygems-update
(RubyGems)
May 17, 2022
RubyGems HTTPS to HTTP redirect
Moderate
CVE-2012-2125
was published
for
rubygems-update
(RubyGems)
May 17, 2022
Fat Free CRM has fixed token value
Moderate
CVE-2013-7222
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Moderate
CVE-2013-7224
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information
Moderate
CVE-2013-7249
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to SQL Injection
Moderate
CVE-2013-7225
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Moderate
CVE-2013-7223
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4478
was published
for
sup
(RubyGems)
May 17, 2022
Rack Gem Subject to Denial of Service via Hash Collisions
Moderate
CVE-2011-5036
was published
for
org.jruby:jruby-parent
(RubyGems)
May 17, 2022
Rack-Cache caches sensitive headers
Moderate
CVE-2012-2671
was published
for
rack-cache
(RubyGems)
May 17, 2022
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
Moderate
CVE-2013-2506
was published
for
spree_auth_devise
(RubyGems)
May 17, 2022
Chef Improper Access Control vulnerability
Moderate
CVE-2010-5142
was published
for
chef
(RubyGems)
May 17, 2022
Spree uses a hardcoded hash value
Moderate
CVE-2008-7311
was published
for
spree
(RubyGems)
May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes
Moderate
CVE-2008-7310
was published
for
spree
(RubyGems)
May 17, 2022
openshift-origin-node Improper Input Validation vulnerability
Moderate
CVE-2014-0084
was published
for
openshift-origin-node
(RubyGems)
May 17, 2022
Publify has Improper Access Controls
Moderate
CVE-2022-1810
was published
for
publify_core
(RubyGems)
May 24, 2022
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability
Moderate
CVE-2019-10226
was published
for
fat_free_crm
(RubyGems)
May 24, 2022
•
withdrawn
Devise Token Auth vulnerable to Cross-site Scripting
Moderate
CVE-2019-16751
was published
for
devise_token_auth
(RubyGems)
May 24, 2022
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing
Moderate
CVE-2021-3537
was published
for
nokogiri
(RubyGems)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API