Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

289 advisories

Loading
Puppet Improper Input Validation vulnerability High
CVE-2013-3567 was published for puppet (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-1655 was published for puppet (RubyGems) Oct 24, 2017
Active Record contains SQL Injection via improper range quoting High
CVE-2014-3483 was published for activerecord (RubyGems) Oct 24, 2017
HTTParty does not restrict casts of string values High
CVE-2013-1801 was published for httparty (RubyGems) Oct 24, 2017
Active Record subject to strong parameters protection bypass High
CVE-2014-3514 was published for activerecord (RubyGems) Oct 24, 2017
Kcapifony gem for Ruby places database user passwords on the command line High
CVE-2014-5001 was published for kcapifony (RubyGems) Jul 23, 2018
actionpack is vulnerable to denial of service because of a wildcard controller route High
CVE-2015-7581 was published for actionpack (RubyGems) Oct 24, 2017
gRPC Reachable Assertion issue High
CVE-2023-1428 was published for grpc (RubyGems) Jul 6, 2023
jonasfj
brbackup exposes database password to unauthorized users High
CVE-2014-5004 was published for brbackup (RubyGems) Mar 5, 2018
Connection confusion in gRPC High
CVE-2023-32731 was published for grpc (RubyGems) Jul 5, 2023
jmatosgrafana picatz
jonasfj
Denial of Service Vulnerability in Action View High
CVE-2019-5419 was published for actionview (RubyGems) Mar 13, 2019
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
High severity vulnerability that affects thin High
CVE-2009-3287 was published for thin (RubyGems) Oct 24, 2017
High severity vulnerability that affects rails. High
CVE-2006-4112 was published for rails (RubyGems) Oct 24, 2017
Ruby on Rails vulnerable to code injection High
CVE-2006-4111 was published for rails (RubyGems) Oct 24, 2017
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay High
CVE-2023-30614 was published for pay (RubyGems) Apr 20, 2023
p- excid3
Remote code execution in rwiki High
CVE-2006-2582 was published for rwiki (RubyGems) Oct 24, 2017
Decidim has broken access control in templates High
CVE-2023-36465 was published for decidim (RubyGems) Oct 5, 2023
andreslucena
Directory traversal vulnerability in Action View in Ruby on Rails High
CVE-2016-0752 was published for actionpack (RubyGems) Oct 24, 2017
Cross-site request forgery in rails_admin High
CVE-2016-10522 was published for rails_admin (RubyGems) Aug 8, 2018
Code injection in dragonfly gem High
CVE-2013-5671 was published for dragonfly (RubyGems) Oct 24, 2017
G-Rath
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Sounder Contains Arbitrary Command Execution Vulnerability High
CVE-2013-5647 was published for sounder (RubyGems) Oct 24, 2017
Decidim vulnerable to sensitive data disclosure High
CVE-2023-34090 was published for decidim (RubyGems) Jul 11, 2023
p- ahukkanen
alecslupu
Shell command injection in command_wrap High
CVE-2013-1875 was published for command_wrap (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API