Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,954
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,504
NuGet
607
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

388 advisories

Publify contains Weak Password Requirements Moderate
CVE-2023-0569 was published for publify_core (RubyGems) Jan 29, 2023
Improper neutralization of `noscript` element content may allow XSS in Sanitize Moderate
CVE-2023-23627 was published for sanitize (RubyGems) Jan 28, 2023
leeN
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table Moderate
CVE-2015-2179 was published for xaviershay-dm-rails (RubyGems) Jan 26, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-636f-xm5j-pj9m was published for commonmarker (RubyGems) Jan 24, 2023
Open Redirect Vulnerability in Action Pack Moderate
CVE-2023-22797 was published for actionpack (RubyGems) Jan 18, 2023
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
Inline SVG vulnerable to Cross-site Scripting Moderate
CVE-2020-36644 was published for inline_svg (RubyGems) Jan 7, 2023
httparty has multipart/form-data request tampering vulnerability Moderate
CVE-2024-22049 was published for httparty (RubyGems) Jan 3, 2023
motoyasu-saburi
keynote Cross-site Scripting vulnerability Moderate
CVE-2017-20159 was published for keynote (RubyGems) Dec 31, 2022
Oxidized Web vulnerable to Cross-site Scripting Moderate
CVE-2019-25088 was published for oxidized-web (RubyGems) Dec 27, 2022
text_helpers uses web link to untrusted target with window.opener access Moderate
CVE-2020-36624 was published for text_helpers (RubyGems) Dec 22, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23520 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23519 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Moderate
CVE-2022-23518 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Improper neutralization of data URIs may allow XSS in Loofah Moderate
CVE-2022-23515 was published for loofah (RubyGems) Dec 13, 2022
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View Moderate
GHSA-q7jc-v6f2-q9jr was published for resque-scheduler (RubyGems) Dec 13, 2022 withdrawn
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Moderate
GHSA-2qc6-mcvw-92cw was published for nokogiri (RubyGems) Oct 18, 2022
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint Moderate
CVE-2022-39281 was published for fat_free_crm (RubyGems) Oct 7, 2022
p-
protobuf-java has a potential Denial of Service issue Moderate
CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems) Oct 4, 2022
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service Moderate
GHSA-4qw4-jpp4-8gvp was published for commonmarker (RubyGems) Sep 21, 2022
update_by_case before 0.1.3 can be vulnerable to sql injection Moderate
CVE-2022-35956 was published for update_by_case (RubyGems) Aug 11, 2022
administrate vulnerable to Cross-Site Request Forgery Moderate
CVE-2016-3098 was published for administrate (RubyGems) Aug 6, 2022
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog Moderate
CVE-2020-35305 was published for gollum (RubyGems) Jul 16, 2022
ProTip! Advisories are also available from the GraphQL API