Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Bootstrap-sass contains code execution backdoor Critical
CVE-2019-10842 was published for bootstrap-sass (RubyGems) Apr 4, 2019
ruby-openid SSRF via claimed_id request Critical
CVE-2019-11027 was published for ruby-openid (RubyGems) Jun 13, 2019
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability Critical
CVE-2019-13354 was published for strong_password (RubyGems) Jul 8, 2019
Slanger Arbitrary command execution Critical
CVE-2019-1010306 was published for slanger (RubyGems) Jul 16, 2019
paranoid2 gem Code backdoor Critical
CVE-2019-13589 was published for paranoid2 (RubyGems) Jul 16, 2019
SQL Injection in marginalia Critical
CVE-2019-1010191 was published for marginalia (RubyGems) Jul 26, 2019
Code backdoor in simple_captcha2 Critical
CVE-2019-14282 was published for simple_captcha2 (RubyGems) Jul 31, 2019
datagrid contains code Injection backdoor Critical
CVE-2019-14281 was published for datagrid (RubyGems) Jul 31, 2019
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
tdunlap607
rest-client Gem Contains Malicious Code Critical
CVE-2019-15224 was published for awesome-bot (RubyGems) Aug 20, 2019
Airbrake keys not being filtered Critical
CVE-2019-16060 was published for airbrake-ruby (RubyGems) Sep 11, 2019
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly Critical
CVE-2019-16377 was published for consul (RubyGems) Sep 27, 2019
Improper Input Validation in simple_form Critical
CVE-2019-16676 was published for simple_form (RubyGems) Sep 30, 2019
kurt-r2c
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions Critical
CVE-2019-17383 was published for netaddr (RubyGems) Oct 14, 2019
stuarthannig
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
BibTeX-Ruby vulnerable to OS command injection Critical
CVE-2019-10780 was published for bibtex-ruby (RubyGems) Feb 14, 2020
Arbitrary file write in actionpack-page_caching gem Critical
CVE-2020-8159 was published for actionpack-page_caching (RubyGems) May 13, 2020
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore Critical
CVE-2020-8165 was published for activesupport (RubyGems) May 26, 2020
SQL Injection in Geocoder Critical
CVE-2020-7981 was published for geocoder (RubyGems) Jun 10, 2020
Unintended read access in kramdown gem Critical
CVE-2020-14001 was published for kramdown (RubyGems) Aug 7, 2020
Backdoor / Malicious code Critical
GHSA-q2hm-gx3f-h63q was published for lita-coin (RubyGems) Feb 23, 2021 withdrawn
Dragonfly contains remote code execution vulnerability Critical
CVE-2021-33564 was published for dragonfly (RubyGems) Jun 2, 2021
Remote code execution in ruby-jss Critical
CVE-2021-33575 was published for ruby-jss (RubyGems) Oct 6, 2021
OS Command Injection in ftpd Critical
CVE-2013-2512 was published for ftpd (RubyGems) Oct 12, 2021
Authentication Bypass by CSRF Weakness Critical
CVE-2021-41274 was published for solidus_auth_devise (RubyGems) Nov 18, 2021
ProTip! Advisories are also available from the GraphQL API