Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

388 advisories

Resque vulnerable to reflected XSS in Queue Endpoint Moderate
CVE-2023-50727 was published for resque (RubyGems) Dec 18, 2023
priya-hinduja PatrickTulskie
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View Moderate
GHSA-q7jc-v6f2-q9jr was published for resque-scheduler (RubyGems) Dec 13, 2022 withdrawn
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table Moderate
CVE-2015-2179 was published for xaviershay-dm-rails (RubyGems) Jan 26, 2023
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS Moderate
CVE-2023-49090 was published for carrierwave (RubyGems) Nov 29, 2023
a-zara-n
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Logstash Logs Sensitive Information Moderate
CVE-2016-10362 was published for logstash-core (RubyGems) May 13, 2022
Rubyzip denial of service Moderate
CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019
tdunlap607
memory leak flaw was found in ruby-magick Moderate
CVE-2023-5349 was published for rmagick (RubyGems) Oct 30, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate
CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023
mukeran chenjj
ioquatix
actionpack Improper Input Validation vulnerability Moderate
CVE-2014-0082 was published for actionpack (RubyGems) Oct 24, 2017
activemodel contains Improper Input Validation Moderate
CVE-2016-0753 was published for activemodel (RubyGems) Oct 24, 2017
gRPC connection termination issue Moderate
CVE-2023-32732 was published for grpc (RubyGems) Jul 6, 2023
jonasfj
WEBrick Improper Input Validation vulnerability Moderate
CVE-2009-4492 was published for webrick (RubyGems) Oct 24, 2017
G-Rath
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-1857 was published for actionpack (RubyGems) Oct 24, 2017
omniauth-facebook Cross-Site Request Forgery vulnerability Moderate
CVE-2013-4562 was published for omniauth-facebook (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2015-3226 was published for activesupport (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2012-3463 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
will_paginate Cross-site Scripting vulnerability Moderate
CVE-2013-6459 was published for will_paginate (RubyGems) Oct 24, 2017
Authentication Bypass in Devise Moderate
CVE-2019-16109 was published for devise (RubyGems) Sep 11, 2019
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-1098 was published for activesupport (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2012-3465 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
actionpack Improper Input Validation vulnerability Moderate
CVE-2011-3187 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2011-2931 was published for actionpack (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2011-2932 was published for activesupport (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API