GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
838 advisories
Filter by severity
Aescrypt does not sufficiently use random values
High
CVE-2013-7463
was published
for
aescrypt
(RubyGems)
Oct 24, 2017
actionpack is vulnerable to denial of service because of a wildcard controller route
High
CVE-2015-7581
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack allows bypass of database-query restrictions
Moderate
CVE-2013-6417
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Active Record Improper Access Control
Moderate
CVE-2015-7577
was published
for
activerecord
(RubyGems)
Oct 24, 2017
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
Moderate
CVE-2015-1840
was published
for
jquery-rails
(RubyGems)
Oct 24, 2017
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Low
CVE-2014-1234
was published
for
paratrooper-newrelic
(RubyGems)
Oct 24, 2017
actionpack vulnerable to Path Traversal
Moderate
CVE-2014-7818
was published
for
actionpack
(RubyGems)
Oct 24, 2017
will_paginate Cross-site Scripting vulnerability
Moderate
CVE-2013-6459
was published
for
will_paginate
(RubyGems)
Oct 24, 2017
paperclip Cross-site Scripting vulnerability
Moderate
CVE-2015-2963
was published
for
paperclip
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7578
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
activesupport vulnerable to Denial of Service via large XML document depth
Moderate
CVE-2015-3227
was published
for
activesupport
(RubyGems)
Oct 24, 2017
rest-client allows local users to obtain sensitive information by reading the log
Low
CVE-2015-3448
was published
for
rest-client
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7580
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2015-3226
was published
for
activesupport
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7579
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2014-0082
was published
for
actionpack
(RubyGems)
Oct 24, 2017
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
Moderate
CVE-2014-3248
was published
for
facter
(RubyGems)
Oct 24, 2017
Mail Gem CRLF Injection vulnerability
Moderate
CVE-2015-9097
was published
for
mail
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-6416
was published
for
actionpack
(RubyGems)
Oct 24, 2017
colorscore Command Injection vulnerability
Critical
CVE-2015-7541
was published
for
colorscore
(RubyGems)
Oct 24, 2017
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number
Moderate
CVE-2014-9490
was published
for
sentry-raven
(RubyGems)
Oct 24, 2017
sprout Arbitrary Code Execution vulnerability
High
CVE-2013-6421
was published
for
sprout
(RubyGems)
Oct 24, 2017
Webbynode Code Injection vulnerability
High
CVE-2013-7086
was published
for
webbynode
(RubyGems)
Oct 24, 2017
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
High
CVE-2014-2322
was published
for
arabic-prawn
(RubyGems)
Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass
Moderate
CVE-2015-3224
was published
for
web-console
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API