Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

389 advisories

Loading
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
YARD's default template vulnerable to Cross-site Scripting in generated frames.html Moderate
CVE-2024-27285 was published for yard (RubyGems) Feb 28, 2024
RedYetiDev
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot
json-jwt allows bypass of identity checks via a sign/encryption confusion attack Moderate
CVE-2023-51774 was published for json-jwt (RubyGems) Feb 29, 2024
postmodern sorah
Capncavedan
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
Use-after-free in libxml2 via Nokogiri::XML::Reader Moderate
GHSA-vcc3-rw6f-jv97 was published for nokogiri (RubyGems) Mar 18, 2024
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
Sidekiq vulnerable to a Reflected XSS in Queues Web Page Moderate
CVE-2024-32887 was published for sidekiq (RubyGems) Apr 26, 2024
UmerAdeemCheema
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
chadlwilson
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
ActionText ContentAttachment can Contain Unsanitized HTML Moderate
CVE-2024-32464 was published for actiontext (RubyGems) Jun 4, 2024
ooooooo-q
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing Moderate
CVE-2024-39316 was published for rack (RubyGems) Jul 3, 2024
dwisiswant0
ProTip! Advisories are also available from the GraphQL API