GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
101 advisories
Filter by severity
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Critical
CVE-2022-32511
was published
for
jmespath
(RubyGems)
Jun 7, 2022
Buffer overflow in sponge queue functions
Critical
CVE-2022-37454
was published
for
pysha3
(RubyGems)
Apr 26, 2023
Remote shell execution vulnerability in image_processing
Critical
CVE-2022-24720
was published
for
image_processing
(RubyGems)
Mar 1, 2022
CSV-Safe improperly filters special characters potentially leading to CSV injection
Critical
CVE-2022-28481
was published
for
csv-safe
(RubyGems)
May 3, 2022
Command Injection vulnerability in asciidoctor-include-ext
Critical
CVE-2022-24803
was published
for
asciidoctor-include-ext
(RubyGems)
Mar 31, 2022
Puma vulnerable to HTTP Request Smuggling
Critical
CVE-2022-24790
was published
for
puma
(RubyGems)
Mar 30, 2022
Server side request forgery in gibbon
Critical
CVE-2022-27311
was published
for
gibbon
(RubyGems)
Apr 26, 2022
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
restforce vulnerable to Improper Input Validation
Critical
CVE-2018-3777
was published
for
restforce
(RubyGems)
Aug 3, 2018
Remote code execution in ruby-jss
Critical
CVE-2021-33575
was published
for
ruby-jss
(RubyGems)
Oct 6, 2021
Bundler allows attacker to inject arbitrary code via secondary Gem source
Critical
CVE-2016-7954
was published
for
bundler
(RubyGems)
May 14, 2022
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability
Critical
CVE-2018-12026
was published
for
passenger
(RubyGems)
May 14, 2022
ruby-openid SSRF via claimed_id request
Critical
CVE-2019-11027
was published
for
ruby-openid
(RubyGems)
Jun 13, 2019
Shell Metacharacter Injection in kelredd-pruview
Critical
CVE-2013-1947
was published
for
kelredd-pruview
(RubyGems)
Oct 24, 2017
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Critical
CVE-2019-5420
was published
for
railties
(RubyGems)
Mar 13, 2019
Ruby Openssl Allows Incorrect Value Comparison
Critical
CVE-2018-16395
was published
for
openssl
(RubyGems)
May 13, 2022
PDFKit Improper Input Validation vulnerability
Critical
CVE-2013-1607
was published
for
pdfkit
(RubyGems)
May 5, 2022
ProTip!
Advisories are also available from the
GraphQL API