GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,079
Erlang
29
GitHub Actions
19
Go
1,905
Maven
5,000+
npm
3,637
NuGet
638
pip
3,256
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
414 advisories
Filter by severity
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Moderate
CVE-2022-31033
was published
for
mechanize
(RubyGems)
Jun 9, 2022
Cross site scripting in publify
Moderate
CVE-2021-25975
was published
for
publify_core
(RubyGems)
May 24, 2022
Cross site scripting in publify
Moderate
CVE-2021-25974
was published
for
publify_core
(RubyGems)
May 24, 2022
Tarball permission preservation in puppet
Moderate
CVE-2017-10689
was published
for
puppet
(RubyGems)
May 13, 2022
Phusion Passenger incorrect permission assignment
Moderate
CVE-2018-12615
was published
for
passenger
(RubyGems)
May 13, 2022
Phusion Passenger information disclosure
Moderate
CVE-2017-16355
was published
for
passenger
(RubyGems)
May 13, 2022
katello Improper Privilege Management vulnerability
Moderate
CVE-2017-2662
was published
for
katello
(RubyGems)
May 13, 2022
Ember.js Cross-site Scripting vulnerability
Moderate
CVE-2014-0013
was published
for
ember-source
(RubyGems)
May 14, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack
Moderate
CVE-2014-4996
was published
for
VladTheEnterprising
(RubyGems)
May 14, 2022
Authlogic Information Exposure vulnerability
Moderate
CVE-2012-6497
was published
for
authlogic
(RubyGems)
May 14, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability
Moderate
CVE-2021-25969
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
ldap_fluff authentication bypass
Moderate
CVE-2012-5604
was published
for
ldap_fluff
(RubyGems)
May 14, 2022
Improper Certificate Validation in TweetStream
Moderate
CVE-2020-24393
was published
for
tweetstream
(RubyGems)
Apr 13, 2021
radiant vulnerable to Cross-site Scripting
Moderate
CVE-2018-7261
was published
for
radiant
(RubyGems)
Jul 27, 2018
Sinatra Path Traversal vulnerability
Moderate
CVE-2018-7212
was published
for
sinatra
(RubyGems)
Feb 20, 2018
Cross-site scripting in padrino-contrib
Moderate
CVE-2019-16145
was published
for
padrino-contrib
(RubyGems)
Sep 23, 2019
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
GHSA-636f-xm5j-pj9m
was published
for
commonmarker
(RubyGems)
Jan 24, 2023
net-ldap has weak salt when generating passwords
Moderate
CVE-2014-0083
was published
for
net-ldap
(RubyGems)
May 24, 2022
Cross-site Scripting in Sidekiq
Moderate
CVE-2021-30151
was published
for
sidekiq
(RubyGems)
Oct 6, 2021
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7579
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects
Moderate
CVE-2016-4442
was published
for
rack-mini-profiler
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7580
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
devise Time-of-check Time-of-use Race Condition vulnerability
Moderate
CVE-2019-5421
was published
for
devise
(RubyGems)
Mar 19, 2019
paperclip Cross-site Scripting vulnerability
Moderate
CVE-2015-2963
was published
for
paperclip
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7578
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API