GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,089
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
388 advisories
Filter by severity
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-3464
was published
for
activesupport
(RubyGems)
Oct 24, 2017
activesupport Improper Input Validation vulnerability
Moderate
CVE-2013-1856
was published
for
activesupport
(RubyGems)
Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information
Moderate
CVE-2013-0284
was published
for
newrelic_rpm
(RubyGems)
Oct 24, 2017
Phusion Passenger Denial of Service
Moderate
CVE-2013-2119
was published
for
passenger
(RubyGems)
Oct 24, 2017
RDoc contains XSS vulnerability
Moderate
CVE-2013-0256
was published
for
rdoc
(RubyGems)
Oct 24, 2017
Script Injection in Show In Browser gem
Moderate
CVE-2013-2105
was published
for
show_in_browser
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7580
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2015-3226
was published
for
activesupport
(RubyGems)
Oct 24, 2017
will_paginate Cross-site Scripting vulnerability
Moderate
CVE-2013-6459
was published
for
will_paginate
(RubyGems)
Oct 24, 2017
paperclip Cross-site Scripting vulnerability
Moderate
CVE-2015-2963
was published
for
paperclip
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7578
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
actionpack vulnerable to Cross-site Scripting
Moderate
CVE-2013-6415
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack vulnerable to Path Traversal
Moderate
CVE-2014-7818
was published
for
actionpack
(RubyGems)
Oct 24, 2017
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
Moderate
CVE-2015-1840
was published
for
jquery-rails
(RubyGems)
Oct 24, 2017
rack-ssl Cross-site Scripting vulnerability
Moderate
CVE-2014-2538
was published
for
rack-ssl
(RubyGems)
Oct 24, 2017
Active Record Improper Access Control
Moderate
CVE-2015-7577
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in actionpack
Moderate
CVE-2014-7829
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack allows bypass of database-query restrictions
Moderate
CVE-2013-6417
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Exposure of Sensitive Information in bio-basespace-sdk
Moderate
CVE-2013-7111
was published
for
bio-basespace-sdk
(RubyGems)
Oct 24, 2017
activesupport vulnerable to Denial of Service via large XML document depth
Moderate
CVE-2015-3227
was published
for
activesupport
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2014-0082
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-6416
was published
for
actionpack
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7579
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass
Moderate
CVE-2015-3224
was published
for
web-console
(RubyGems)
Oct 24, 2017
rbovirt uses the rest-client gem with SSL verification disabled
Moderate
CVE-2014-0036
was published
for
rbovirt
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API