GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

414 advisories

Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect Moderate
CVE-2022-31033 was published for mechanize (RubyGems) Jun 9, 2022
Cross site scripting in publify Moderate
CVE-2021-25975 was published for publify_core (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25974 was published for publify_core (RubyGems) May 24, 2022
Tarball permission preservation in puppet Moderate
CVE-2017-10689 was published for puppet (RubyGems) May 13, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
Phusion Passenger information disclosure Moderate
CVE-2017-16355 was published for passenger (RubyGems) May 13, 2022
katello Improper Privilege Management vulnerability Moderate
CVE-2017-2662 was published for katello (RubyGems) May 13, 2022
Ember.js Cross-site Scripting vulnerability Moderate
CVE-2014-0013 was published for ember-source (RubyGems) May 14, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
Authlogic Information Exposure vulnerability Moderate
CVE-2012-6497 was published for authlogic (RubyGems) May 14, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
ldap_fluff authentication bypass Moderate
CVE-2012-5604 was published for ldap_fluff (RubyGems) May 14, 2022
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
radiant vulnerable to Cross-site Scripting Moderate
CVE-2018-7261 was published for radiant (RubyGems) Jul 27, 2018
Sinatra Path Traversal vulnerability Moderate
CVE-2018-7212 was published for sinatra (RubyGems) Feb 20, 2018
Cross-site scripting in padrino-contrib Moderate
CVE-2019-16145 was published for padrino-contrib (RubyGems) Sep 23, 2019
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-636f-xm5j-pj9m was published for commonmarker (RubyGems) Jan 24, 2023
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
Cross-site Scripting in Sidekiq Moderate
CVE-2021-30151 was published for sidekiq (RubyGems) Oct 6, 2021
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7579 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects Moderate
CVE-2016-4442 was published for rack-mini-profiler (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7580 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
devise Time-of-check Time-of-use Race Condition vulnerability Moderate
CVE-2019-5421 was published for devise (RubyGems) Mar 19, 2019
paperclip Cross-site Scripting vulnerability Moderate
CVE-2015-2963 was published for paperclip (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7578 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API