GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
Denial of service via multipart parsing in Rack
Low
CVE-2022-44572
was published
for
rack
(RubyGems)
Jan 18, 2023
ember-source Cross-site Scripting vulnerability
Low
CVE-2014-0046
was published
for
ember-source
(RubyGems)
Aug 28, 2018
ReDoS based DoS vulnerability in GlobalID
Low
CVE-2023-22799
was published
for
globalid
(RubyGems)
Jan 18, 2023
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Low
CVE-2014-0135
was published
for
kafo
(RubyGems)
May 17, 2022
RuboCop gem Insecure use of /tmp
Low
CVE-2017-8418
was published
for
rubocop
(RubyGems)
Nov 15, 2017
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Low
CVE-2014-1234
was published
for
paratrooper-newrelic
(RubyGems)
Oct 24, 2017
Active Support Possibly Discloses Locally Encrypted Files
Low
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
ReDoS based DoS vulnerability in Active Support's underscore
Low
CVE-2023-22796
was published
for
activesupport
(RubyGems)
Jan 18, 2023
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Low
CVE-2013-0162
was published
for
ruby_parser
(RubyGems)
May 5, 2022
Octopoller gem published with world-writable files
Low
CVE-2022-31071
was published
for
octopoller
(RubyGems)
Jun 15, 2022
Insecure use of temporary files in passenger
Low
CVE-2014-1831
was published
for
passenger
(RubyGems)
Oct 10, 2018
Local API Login Credentials Disclosure in paratrooper-pingdom
Low
CVE-2014-1233
was published
for
paratrooper-pingdom
(RubyGems)
Oct 24, 2017
Phusion Passenger allows remote attackers to spoof headers
Low
CVE-2015-7519
was published
for
passenger
(RubyGems)
Oct 10, 2018
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Low
CVE-2015-1426
was published
for
facter
(RubyGems)
May 14, 2022
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22795
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Puppet supports use of IP addresses in certnames without warning of potential risks
Low
CVE-2012-3408
was published
for
puppet
(RubyGems)
Oct 24, 2017
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Low
CVE-2022-31000
was published
for
solidus_backend
(RubyGems)
Jun 1, 2022
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Low
CVE-2021-41136
was published
for
puma
(RubyGems)
Oct 12, 2021
Gitaly Insufficient Session Expiration vulnerability
Low
CVE-2020-13353
was published
for
gitaly
(RubyGems)
May 24, 2022
Katello cleartext password storage issue
Low
CVE-2019-14825
was published
for
katello
(RubyGems)
May 24, 2022
Unsanitized input leading to code injection in Dalli
Low
CVE-2022-4064
was published
for
dalli
(RubyGems)
Nov 19, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
Octokit gem published with world-writable files
Low
CVE-2022-31072
was published
for
octokit
(RubyGems)
Jun 15, 2022
Potential Denial-of-Service in bindata
Low
CVE-2021-32823
was published
for
bindata
(RubyGems)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API