GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Puppet Improper Input Validation vulnerability
High
CVE-2013-3567
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-1655
was published
for
puppet
(RubyGems)
Oct 24, 2017
Active Record contains SQL Injection via improper range quoting
High
CVE-2014-3483
was published
for
activerecord
(RubyGems)
Oct 24, 2017
HTTParty does not restrict casts of string values
High
CVE-2013-1801
was published
for
httparty
(RubyGems)
Oct 24, 2017
Active Record subject to strong parameters protection bypass
High
CVE-2014-3514
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Kcapifony gem for Ruby places database user passwords on the command line
High
CVE-2014-5001
was published
for
kcapifony
(RubyGems)
Jul 23, 2018
actionpack is vulnerable to denial of service because of a wildcard controller route
High
CVE-2015-7581
was published
for
actionpack
(RubyGems)
Oct 24, 2017
brbackup exposes database password to unauthorized users
High
CVE-2014-5004
was published
for
brbackup
(RubyGems)
Mar 5, 2018
Denial of Service Vulnerability in Action View
High
CVE-2019-5419
was published
for
actionview
(RubyGems)
Mar 13, 2019
activerecord vulnerable to SQL Injection
High
CVE-2011-0448
was published
for
activerecord
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects thin
High
CVE-2009-3287
was published
for
thin
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects rails.
High
CVE-2006-4112
was published
for
rails
(RubyGems)
Oct 24, 2017
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
High
CVE-2023-30614
was published
for
pay
(RubyGems)
Apr 20, 2023
Decidim has broken access control in templates
High
CVE-2023-36465
was published
for
decidim
(RubyGems)
Oct 5, 2023
Directory traversal vulnerability in Action View in Ruby on Rails
High
CVE-2016-0752
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross-site request forgery in rails_admin
High
CVE-2016-10522
was published
for
rails_admin
(RubyGems)
Aug 8, 2018
Code injection in dragonfly gem
High
CVE-2013-5671
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
Rails ActiveRecord gem vulnerable to SQL injection
High
CVE-2008-4094
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability
High
CVE-2013-5647
was published
for
sounder
(RubyGems)
Oct 24, 2017
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
Shell command injection in command_wrap
High
CVE-2013-1875
was published
for
command_wrap
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API