GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
avo vulnerable to stored cross-site scripting (XSS) in key_value field
High
CVE-2024-22191
was published
for
avo
(RubyGems)
Jan 16, 2024
RedCloth Regular Expression Denial of Service issue
High
CVE-2023-31606
was published
for
RedCloth
(RubyGems)
Jun 6, 2023
Omniauth::MicrosoftGraph Account takeover (nOAuth)
High
CVE-2024-21632
was published
for
omniauth-microsoft_graph
(RubyGems)
Jan 3, 2024
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High
CVE-2024-0241
was published
for
encoded_id-rails
(RubyGems)
Oct 24, 2023
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
CVE-2024-22051
was published
for
commonmarker
(RubyGems)
Mar 3, 2022
Potential CSV export data leak
High
CVE-2023-50448
was published
for
activeadmin
(RubyGems)
Dec 15, 2023
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
GHSA-c2v4-chx5-vff6
was published
for
commonmarker
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High
GHSA-4553-hq82-8654
was published
for
encoded_id-rails
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection
High
GHSA-rqxc-9p8h-xqgq
was published
for
activeadmin
(RubyGems)
Dec 24, 2023
•
withdrawn
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation
High
CVE-2009-4123
was published
for
jruby-openssl
(RubyGems)
Jan 19, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
Denial of Service Vulnerability in Rack Multipart Parsing
High
CVE-2022-30122
was published
for
rack
(RubyGems)
May 27, 2022
Decidim Cross-site Scripting vulnerability in the processes filter
High
CVE-2023-34089
was published
for
decidim
(RubyGems)
Jul 11, 2023
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
CVE-2023-36823
was published
for
sanitize
(RubyGems)
Jul 6, 2023
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Improper Access Control in activejob
High
CVE-2018-16476
was published
for
activejob
(RubyGems)
Dec 5, 2018
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
High
CVE-2014-9489
was published
for
gollum
(RubyGems)
Nov 16, 2017
Dragonfly Code Injection vulnerability
High
CVE-2013-1756
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2011-2930
was published
for
activerecord
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2012-2695
was published
for
activerecord
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API