Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

101 advisories

Loading
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js Critical
CVE-2015-8857 was published for uglifier (RubyGems) Oct 24, 2017
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
CSV-Safe improperly filters special characters potentially leading to CSV injection Critical
CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022
Command Injection vulnerability in asciidoctor-include-ext Critical
CVE-2022-24803 was published for asciidoctor-include-ext (RubyGems) Mar 31, 2022
joernchen
Puma vulnerable to HTTP Request Smuggling Critical
CVE-2022-24790 was published for puma (RubyGems) Mar 30, 2022
zeyu2001
Server side request forgery in gibbon Critical
CVE-2022-27311 was published for gibbon (RubyGems) Apr 26, 2022
Plsr
Authentication Bypass by CSRF Weakness Critical
CVE-2021-41275 was published for spree_auth_devise (RubyGems) Nov 18, 2021
Authentication Bypass by CSRF Weakness Critical
CVE-2021-41274 was published for solidus_auth_devise (RubyGems) Nov 18, 2021
Authentication Bypass by CSRF Weakness Critical
GHSA-gpqc-4pp7-5954 was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow
Authentication Bypass by CSRF Weakness Critical
GHSA-8xfw-5q82-3652 was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow
Authentication Bypass by CSRF Weakness Critical
GHSA-6mqr-q86q-6gwr was published for spree_auth_devise (RubyGems) Nov 18, 2021
jasnow tdunlap607
restforce vulnerable to Improper Input Validation Critical
CVE-2018-3777 was published for restforce (RubyGems) Aug 3, 2018
Remote code execution in ruby-jss Critical
CVE-2021-33575 was published for ruby-jss (RubyGems) Oct 6, 2021
Bundler allows attacker to inject arbitrary code via secondary Gem source Critical
CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability Critical
CVE-2018-12026 was published for passenger (RubyGems) May 14, 2022
Command injection in ruby-git Critical
CVE-2022-25648 was published for git (RubyGems) Apr 20, 2022
ruby-openid SSRF via claimed_id request Critical
CVE-2019-11027 was published for ruby-openid (RubyGems) Jun 13, 2019
Shell Metacharacter Injection in kelredd-pruview Critical
CVE-2013-1947 was published for kelredd-pruview (RubyGems) Oct 24, 2017
SQL Injection in Geocoder Critical
CVE-2020-7981 was published for geocoder (RubyGems) Jun 10, 2020
Airbrake keys not being filtered Critical
CVE-2019-16060 was published for airbrake-ruby (RubyGems) Sep 11, 2019
Use of Insufficiently Random Values in Railties Allows Remote Code Execution Critical
CVE-2019-5420 was published for railties (RubyGems) Mar 13, 2019
Ruby Openssl Allows Incorrect Value Comparison Critical
CVE-2018-16395 was published for openssl (RubyGems) May 13, 2022
postmodern
PDFKit Improper Input Validation vulnerability Critical
CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022
ProTip! Advisories are also available from the GraphQL API