GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,634
NuGet: 638
pip: 3,250
Pub: 10
RubyGems: 867
Rust: 819
Swift: 35

Unreviewed advisories (all ecosystems): 5,000+
413 advisories matched the current filter; the 25 shown below are all RubyGems packages rated Moderate. Each row gives the advisory title, severity, identifier (CVE where one exists, otherwise the GHSA id), affected package (ecosystem), and publication date; withdrawn advisories are marked.

Advisory | Severity | Identifier | Package (ecosystem) | Published
Rails::Html::Sanitizer vulnerable to Cross-site Scripting | Moderate | CVE-2022-32209 | rails-html-sanitizer (RubyGems) | Jun 25, 2022
Open Redirect in ActionPack | Moderate | CVE-2021-22942 | actionpack (RubyGems) | Aug 26, 2021
Puppet Arbitrary Command Execution | Moderate | CVE-2012-1988 | puppet (RubyGems) | May 14, 2022
Denial of Service in uap-core when processing crafted User-Agent strings | Moderate | CVE-2020-5243 | uap-core (RubyGems) | Feb 20, 2020
Chef Improper Access Control vulnerability | Moderate | CVE-2010-5142 | chef (RubyGems) | May 17, 2022
actionpack Open Redirect in Host Authorization Middleware | Moderate | CVE-2021-44528 | actionpack (RubyGems) | Dec 14, 2021
Possibility to circumvent the invitation token expiry period | Moderate | CVE-2023-48220 | decidim (RubyGems) | Feb 20, 2024
Possible CSRF attack at questionnaire templates preview | Moderate | CVE-2023-47635 | decidim-templates (RubyGems) | Feb 20, 2024
Cross-site scripting (XSS) in the dynamic file uploads | Moderate | CVE-2023-51447 | decidim (RubyGems) | Feb 20, 2024
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability | Moderate | CVE-2019-10226 | fat_free_crm (RubyGems) | May 24, 2022 | withdrawn
Oxidized Web vulnerable to Cross-site Scripting | Moderate | CVE-2019-25088 | oxidized-web (RubyGems) | Dec 27, 2022
Sisimai Inefficient Regular Expression Complexity vulnerability | Moderate | CVE-2022-4891 | sisimai (RubyGems) | Jan 17, 2023
Rack CORS Middleware has Insecure File Permissions | Moderate | CVE-2024-27456 | rack-cors (RubyGems) | Feb 26, 2024
json-jwt allows bypass of identity checks via a sign/encryption confusion attack | Moderate | CVE-2023-51774 | json-jwt (RubyGems) | Feb 29, 2024
Use-after-free in libxml2 via Nokogiri::XML::Reader | Moderate | GHSA-vcc3-rw6f-jv97 | nokogiri (RubyGems) | Mar 18, 2024
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files | Moderate | CVE-2024-28862 | rotp (RubyGems) | Mar 18, 2024
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 | Moderate | GHSA-xc9x-jj77-9p9j | nokogiri (RubyGems) | Feb 5, 2024
Devise-Two-Factor vulnerable to brute force attacks | Moderate | CVE-2024-0227 | devise-two-factor (RubyGems) | Jan 12, 2024 | withdrawn
YARD's default template vulnerable to Cross-site Scripting in generated frames.html | Moderate | CVE-2024-27285 | yard (RubyGems) | Feb 28, 2024
AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field | Moderate | CVE-2018-18307 | alchemy_cms (RubyGems) | May 14, 2022
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | Moderate | CVE-2024-29034 | carrierwave (RubyGems) | Mar 25, 2024
XSS in jQuery as used in Drupal, Backdrop CMS, and other products | Moderate | CVE-2019-11358 | django (RubyGems) | Apr 26, 2019
Sidekiq vulnerable to a Reflected XSS in Queues Web Page | Moderate | CVE-2024-32887 | sidekiq (RubyGems) | Apr 26, 2024
URI gem has ReDoS vulnerability | Moderate | CVE-2023-36617 | uri (RubyGems) | Jun 29, 2023
Potential XSS vulnerability in jQuery | Moderate | CVE-2020-11023 | jQuery (RubyGems) | Apr 29, 2020
ProTip! Advisories are also available from the GraphQL API.
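The GraphQL API mentioned above is the practical way to consume this listing instead of scraping it. The script below is an added example, not code from the GitHub Advisory Database page or from GitHub: it queries the public schema's securityVulnerabilities connection with the same filters as this page (RubyGems, Moderate), renders each result like a row of the listing (CVE preferred over GHSA id, withdrawn advisories flagged), and then matches the results against a Gemfile.lock using RubyGems' own version-requirement parser. The live HTTP call is only made when GITHUB_TOKEN is set; otherwise it runs offline on a constructed sample whose package names and identifiers come from this page but whose version ranges, patched versions, timestamps and GHSA-sample ids are placeholders.

```ruby
# Added example, not from the GitHub Advisory Database page or from GitHub.
require "json"
require "net/http"
require "uri"

# Same filters as the listing page: RubyGems ecosystem, Moderate severity.
# Field and argument names follow the public GitHub GraphQL schema.
ADVISORY_QUERY = <<~GRAPHQL
  query($first: Int!, $after: String) {
    securityVulnerabilities(first: $first, after: $after,
                            ecosystem: RUBYGEMS, severities: [MODERATE],
                            orderBy: {field: UPDATED_AT, direction: DESC}) {
      pageInfo { hasNextPage endCursor }
      nodes {
        package { name ecosystem }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
        severity
        advisory { ghsaId summary publishedAt withdrawnAt identifiers { type value } }
      }
    }
  }
GRAPHQL

# One page of live results; pass pageInfo.endCursor back as `after` to page on.
# Needs a GitHub token and network access, so it is not called by default.
def fetch_vulnerabilities(token, first: 25, after: nil)
  uri = URI("https://api.github.com/graphql")
  req = Net::HTTP::Post.new(uri, "Authorization" => "bearer #{token}",
                                 "Content-Type" => "application/json")
  req.body = JSON.generate(query: ADVISORY_QUERY, variables: { first: first, after: after })
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
  body = JSON.parse(res.body)
  raise "GraphQL error: #{body["errors"].inspect}" if body["errors"]
  body.dig("data", "securityVulnerabilities", "nodes") || []
end

# Constructed sample in the shape the query returns. Package names, titles, CVE/GHSA
# ids and dates are taken from the listing page; version ranges, patched versions,
# the withdrawal timestamp and the GHSA-sample-* ids are placeholders only.
SAMPLE_NODES = JSON.parse(<<~JSON)
  [
    {"package": {"name": "rails-html-sanitizer", "ecosystem": "RUBYGEMS"},
     "vulnerableVersionRange": "< 1.4.3", "firstPatchedVersion": {"identifier": "1.4.3"},
     "severity": "MODERATE",
     "advisory": {"ghsaId": "GHSA-sample-0001", "summary": "Rails::Html::Sanitizer vulnerable to Cross-site Scripting",
                  "publishedAt": "2022-06-25T00:00:00Z", "withdrawnAt": null,
                  "identifiers": [{"type": "GHSA", "value": "GHSA-sample-0001"}, {"type": "CVE", "value": "CVE-2022-32209"}]}},
    {"package": {"name": "actionpack", "ecosystem": "RUBYGEMS"},
     "vulnerableVersionRange": ">= 6.0.0, < 6.0.4.1", "firstPatchedVersion": {"identifier": "6.0.4.1"},
     "severity": "MODERATE",
     "advisory": {"ghsaId": "GHSA-sample-0002", "summary": "Open Redirect in ActionPack",
                  "publishedAt": "2021-08-26T00:00:00Z", "withdrawnAt": null,
                  "identifiers": [{"type": "GHSA", "value": "GHSA-sample-0002"}, {"type": "CVE", "value": "CVE-2021-22942"}]}},
    {"package": {"name": "devise-two-factor", "ecosystem": "RUBYGEMS"},
     "vulnerableVersionRange": "< 5.0.0", "firstPatchedVersion": {"identifier": "5.0.0"},
     "severity": "MODERATE",
     "advisory": {"ghsaId": "GHSA-sample-0003", "summary": "Devise-Two-Factor vulnerable to brute force attacks",
                  "publishedAt": "2024-01-12T00:00:00Z", "withdrawnAt": "2024-02-01T00:00:00Z",
                  "identifiers": [{"type": "GHSA", "value": "GHSA-sample-0003"}, {"type": "CVE", "value": "CVE-2024-0227"}]}},
    {"package": {"name": "nokogiri", "ecosystem": "RUBYGEMS"},
     "vulnerableVersionRange": "< 1.16.3", "firstPatchedVersion": {"identifier": "1.16.3"},
     "severity": "MODERATE",
     "advisory": {"ghsaId": "GHSA-vcc3-rw6f-jv97", "summary": "Use-after-free in libxml2 via Nokogiri::XML::Reader",
                  "publishedAt": "2024-03-18T00:00:00Z", "withdrawnAt": null,
                  "identifiers": [{"type": "GHSA", "value": "GHSA-vcc3-rw6f-jv97"}]}}
  ]
JSON

# Constructed Gemfile.lock fragment; nokogiri carries a platform suffix on purpose.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.1.4)
        rack (~> 2.0, >= 2.0.9)
      devise-two-factor (4.0.2)
      nokogiri (1.16.2-x86_64-linux)
      rails-html-sanitizer (1.4.2)
LOCK

# The page shows a CVE where one exists and falls back to the GHSA id.
def display_id(advisory)
  cve = advisory["identifiers"].find { |i| i["type"] == "CVE" }
  cve ? cve["value"] : advisory["ghsaId"]
end

# Render one node the way the listing page shows a row.
def format_row(node)
  adv = node["advisory"]
  row = "#{adv["summary"]} | #{node["severity"].capitalize} | #{display_id(adv)} | " \
        "#{node["package"]["name"]} (#{node["package"]["ecosystem"]}) | #{adv["publishedAt"][0, 10]}"
  adv["withdrawnAt"] ? "#{row} | withdrawn" : row
end

# Top-level `specs:` entries are indented by exactly four spaces; transitive
# dependencies (six spaces) are skipped and the platform suffix is dropped.
def parse_lockfile(text)
  text.scan(/^ {4}(\S+) \(([^)\s-]+)(?:-[^)]+)?\)$/).to_h
end

# Match installed gems against advisory nodes using Gem::Requirement, which
# understands the ">= a, < b" ranges the API returns. Withdrawn advisories are
# skipped; each hit is [gem, installed version, advisory id, first patched version].
def affected(nodes, installed)
  nodes.filter_map do |node|
    next if node["advisory"]["withdrawnAt"]
    name = node["package"]["name"]
    version = installed[name] or next
    range = Gem::Requirement.new(node["vulnerableVersionRange"].split(",").map(&:strip))
    next unless range.satisfied_by?(Gem::Version.new(version))
    [name, version, display_id(node["advisory"]), node["firstPatchedVersion"]&.fetch("identifier")]
  end
end

if __FILE__ == $PROGRAM_NAME
  nodes = ENV["GITHUB_TOKEN"] ? fetch_vulnerabilities(ENV["GITHUB_TOKEN"]) : SAMPLE_NODES
  nodes.each { |n| puts format_row(n) }
  affected(nodes, parse_lockfile(SAMPLE_LOCK)).each { |hit| puts "AFFECTED: #{hit.inspect}" }
end
```

On the constructed sample, actionpack 6.1.4 falls outside the ">= 6.0.0, < 6.0.4.1" placeholder range and the withdrawn devise-two-factor advisory is ignored, so only rails-html-sanitizer and nokogiri are reported. Treat a withdrawn advisory as a signal to re-check, not as a clean bill of health, and page through pageInfo.endCursor when running live, since a single page of 25 covers only a fraction of the 413 advisories this listing reports.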