GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
838 advisories
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Moderate
CVE-2023-50724
was published
for
resque
(RubyGems)
Dec 18, 2023
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
Cookie Prefix Spoofing in CGI::Cookie.parse
High
CVE-2021-41819
was published
for
cgi
(RubyGems)
Jan 21, 2022
Buffer overrun in CGI.escape_html
Critical
CVE-2021-41816
was published
for
cgi
(RubyGems)
Dec 14, 2021
Regular expression denial of service vulnerability (ReDoS) in date
High
CVE-2021-41817
was published
for
date
(RubyGems)
Nov 16, 2021
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Moderate
CVE-2022-32209
was published
for
rails-html-sanitizer
(RubyGems)
Jun 25, 2022
SQL Injection Vulnerability via ActiveRecord comments
High
CVE-2023-22794
was published
for
activerecord
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22792
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
ProTip!
Advisories are also available from the
GraphQL API