GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,771
Maven
4,995
npm
3,541
NuGet
617
pip
3,120
Pub
10
RubyGems
838
Rust
788
Swift
34
Unreviewed advisories
All unreviewed
5,000+
393 advisories
Filter by severity
Moderate severity vulnerability that affects safemode
Moderate
GHSA-44vc-fpcg-5cc5
was published
for
safemode
(RubyGems)
Aug 8, 2018
•
withdrawn
Json-jwt did not verify the cryptographic signature for data
Moderate
CVE-2018-1000539
was published
for
json-jwt
(RubyGems)
Jul 31, 2018
radiant vulnerable to Cross-site Scripting
Moderate
CVE-2018-7261
was published
for
radiant
(RubyGems)
Jul 27, 2018
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Moderate
CVE-2014-5003
was published
for
ciborg
(RubyGems)
Jul 23, 2018
Sinatra Cross-site Scripting vulnerability
Moderate
CVE-2018-11627
was published
for
sinatra
(RubyGems)
Jun 5, 2018
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2018-3741
was published
for
rails-html-sanitizer
(RubyGems)
Apr 26, 2018
Uncontrolled resource consumption in nokogiri
Moderate
CVE-2017-18258
was published
for
nokogiri
(RubyGems)
Apr 13, 2018
Cross-site Scripting in loofah
Moderate
CVE-2018-8048
was published
for
loofah
(RubyGems)
Mar 21, 2018
Doorkeeper is vulnerable to stored XSS and code execution
Moderate
CVE-2018-1000088
was published
for
doorkeeper
(RubyGems)
Mar 13, 2018
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2015-1828
was published
for
http
(RubyGems)
Mar 13, 2018
rack-protection gem timing attack vulnerability when validating CSRF token
Moderate
CVE-2018-1000119
was published
for
rack-protection
(RubyGems)
Mar 7, 2018
rails_admin ruby gem XSS
Moderate
CVE-2017-12098
was published
for
rails_admin
(RubyGems)
Mar 5, 2018
delayed_job_web Cross-site Scripting vulnerability
Moderate
CVE-2017-12097
was published
for
delayed_job_web
(RubyGems)
Mar 5, 2018
Ox gem stack overflow in sax_parse
Moderate
CVE-2017-16229
was published
for
ox
(RubyGems)
Mar 5, 2018
Sinatra Path Traversal vulnerability
Moderate
CVE-2018-7212
was published
for
sinatra
(RubyGems)
Feb 20, 2018
Gyazo allows local users to write arbitrary files
Moderate
CVE-2014-4994
was published
for
gyazo
(RubyGems)
Jan 22, 2018
Cross-Site Scripting (XSS) in jquery
Moderate
CVE-2015-9251
was published
for
jQuery
(RubyGems)
Jan 22, 2018
Radiant CMS vulnerable to Cross-site Scripting
Moderate
CVE-2018-5216
was published
for
radiant
(RubyGems)
Jan 6, 2018
net-ldap Improper Certificate Validation vulnerability
Moderate
CVE-2017-17718
was published
for
net-ldap
(RubyGems)
Jan 6, 2018
private_address_check vulnerable to bypass of Resolv.getaddresses method
Moderate
CVE-2017-0904
was published
for
private_address_check
(RubyGems)
Nov 29, 2017
Geminabox contains Cross-site Scripting
Moderate
CVE-2017-16792
was published
for
geminabox
(RubyGems)
Nov 29, 2017
Gemirro Stored XSS in Gemspec "homepage" value
Moderate
CVE-2017-16833
was published
for
gemirro
(RubyGems)
Nov 29, 2017
cairo is vulnerable to denial of service due to a null pointer dereference
Moderate
CVE-2017-7475
was published
for
cairo
(RubyGems)
Nov 15, 2017
rails Cross-site Scripting vulnerability
Moderate
CVE-2011-2197
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross site scripting that affects rails
Moderate
CVE-2009-3009
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API