GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
240,137 advisories
Filter by severity
Active Record subject to strong parameters protection bypass
High
CVE-2014-3514
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Exposure of Sensitive Information in bio-basespace-sdk
Moderate
CVE-2013-7111
was published
for
bio-basespace-sdk
(RubyGems)
Oct 24, 2017
Active Record Improper Access Control
Moderate
CVE-2015-7577
was published
for
activerecord
(RubyGems)
Oct 24, 2017
actionpack allows bypass of database-query restrictions
Moderate
CVE-2013-6417
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Active Record contains SQL Injection via improper range quoting
High
CVE-2014-3483
was published
for
activerecord
(RubyGems)
Oct 24, 2017
rack-ssl Cross-site Scripting vulnerability
Moderate
CVE-2014-2538
was published
for
rack-ssl
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in actionpack
Moderate
CVE-2014-7829
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Regular Expression Denial of Service in semver
High
CVE-2015-8855
was published
for
semver
(npm)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7578
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
activesupport vulnerable to Denial of Service via large XML document depth
Moderate
CVE-2015-3227
was published
for
activesupport
(RubyGems)
Oct 24, 2017
rest-client allows local users to obtain sensitive information by reading the log
Low
CVE-2015-3448
was published
for
rest-client
(RubyGems)
Oct 24, 2017
paperclip Cross-site Scripting vulnerability
Moderate
CVE-2015-2963
was published
for
paperclip
(RubyGems)
Oct 24, 2017
will_paginate Cross-site Scripting vulnerability
Moderate
CVE-2013-6459
was published
for
will_paginate
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7580
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2015-3226
was published
for
activesupport
(RubyGems)
Oct 24, 2017
Aescrypt does not sufficiently use random values
High
CVE-2013-7463
was published
for
aescrypt
(RubyGems)
Oct 24, 2017
actionpack is vulnerable to remote bypass authentication
Low
CVE-2015-7576
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack vulnerable to Cross-site Scripting
Moderate
CVE-2013-6415
was published
for
actionpack
(RubyGems)
Oct 24, 2017
File Descriptor Leak Can Cause DoS Vulnerability in hapi
High
CVE-2014-3742
was published
for
hapi
(npm)
Oct 24, 2017
Regular Expression Denial of Service in uglify-js
High
CVE-2015-8858
was published
for
uglify-js
(npm)
Oct 24, 2017
Denial-of-Service Memory Exhaustion in qs
High
CVE-2014-7191
was published
for
qs
(npm)
Oct 24, 2017
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
Multiple XSS Filter Bypasses in validator
Moderate
CVE-2013-7454
was published
for
validator
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7451
was published
for
validator
(npm)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API