GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High
CVE-2021-20259
was published
for
foreman_fog_proxmox
(RubyGems)
Jun 10, 2021
A potential Denial of Service issue in protobuf-java
High
CVE-2021-22569
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Jan 7, 2022
HTTP Request Smuggling in goliath
High
CVE-2020-7671
was published
for
goliath
(RubyGems)
May 24, 2021
Prototype Pollution in chartkick
High
CVE-2019-18841
was published
for
chartkick
(RubyGems)
Dec 2, 2019
omniauth-facebook Improper Authentication vulnerability
High
CVE-2013-4593
was published
for
omniauth-facebook
(RubyGems)
May 5, 2022
kajam allows local users to obtain sensitive information by listing the process
High
CVE-2014-4999
was published
for
kajam
(RubyGems)
May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process
High
CVE-2014-4998
was published
for
lean-ruport
(RubyGems)
May 14, 2022
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
High
CVE-2014-4995
was published
for
VladTheEnterprising
(RubyGems)
May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process
High
CVE-2014-4997
was published
for
point-cli
(RubyGems)
May 14, 2022
Tempfile on Windows path traversal vulnerability
High
CVE-2021-28966
was published
for
tmpdir
(RubyGems)
May 6, 2021
active_attr Improper Resource Shutdown or Release vulnerability
High
CVE-2021-4250
was published
for
active_attr
(RubyGems)
Dec 19, 2022
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
High
CVE-2022-39224
was published
for
arr-pm
(RubyGems)
Sep 21, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
Out-of-bounds read in nokogiri
High
CVE-2017-9050
was published
for
nokogiri
(RubyGems)
Dec 13, 2017
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
Dependency Confusion in Bundler
High
CVE-2020-36327
was published
for
bundler
(RubyGems)
May 24, 2021
ruby-git has potential remote code execution vulnerability
High
CVE-2022-46648
was published
for
git
(RubyGems)
Jan 9, 2023
Unchecked return value from xmlTextReaderExpand
High
CVE-2022-23476
was published
for
nokogiri
(RubyGems)
Dec 8, 2022
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
ProTip!
Advisories are also available from the
GraphQL API