GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
864 advisories
Filter by severity
Cross-site Scripting in Chartkick
Moderate
CVE-2019-12732
was published
for
chartkick
(RubyGems)
Jun 7, 2019
Publify Improper Input Validation vulnerability
Critical
CVE-2023-0299
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Publify Core does not strip metadata from images
Moderate
CVE-2022-2815
was published
for
publify_core
(RubyGems)
Jan 14, 2023
activesupport vulnerable to Denial of Service via large XML document depth
Moderate
CVE-2015-3227
was published
for
activesupport
(RubyGems)
Oct 24, 2017
private_address_check vulnerable to bypass of Resolv.getaddresses method
Moderate
CVE-2017-0904
was published
for
private_address_check
(RubyGems)
Nov 29, 2017
Loofah Cross-site Scripting vulnerability
Moderate
CVE-2018-16468
was published
for
loofah
(RubyGems)
Nov 1, 2018
Fat Free CRM subject to Cross-site Scripting
Moderate
CVE-2014-5441
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information
Moderate
CVE-2013-7249
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to SQL Injection
Moderate
CVE-2013-7225
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Moderate
CVE-2013-7224
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Moderate
CVE-2013-7223
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability
High
CVE-2014-4993
was published
for
backup-agoddard
(RubyGems)
May 14, 2022
Doorkeeper subject to Incorrect Permission Assignment
High
CVE-2018-1000211
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
private_address_check contains Incomplete List of Disallowed Inputs
High
CVE-2017-0909
was published
for
private_address_check
(RubyGems)
Nov 30, 2017
ExifTool vulnerable to arbitrary code execution
High
GHSA-q95h-cqrv-8jv5
was published
for
exiftool_vendored
(RubyGems)
Jan 20, 2023
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
personnummer/ruby vulnerable to Improper Input Validation
Low
GHSA-vp9c-fpxx-744v
was published
for
personnummer
(RubyGems)
Sep 23, 2020
Integer Overflow or Wraparound in libxml2 affects Nokogiri
High
GHSA-cgx6-hpwq-fhv5
was published
for
nokogiri
(RubyGems)
May 18, 2022
XML Injection in Xerces Java affects Nokogiri
Moderate
GHSA-xxx9-3xcr-gjj3
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri
High
GHSA-v6gp-9mmm-c6p5
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Denial of Service (DoS) in Nokogiri on JRuby
High
GHSA-gx8x-g87m-h5q6
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Vulnerable dependencies in Nokogiri
High
GHSA-fq42-c5rg-92c2
was published
for
nokogiri
(RubyGems)
Feb 25, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
SQLite3 addresses vulnerability in packaged version of libsqlite
Low
GHSA-mgvv-5mxp-xq67
was published
for
sqlite3
(RubyGems)
Oct 3, 2022
ProTip!
Advisories are also available from the
GraphQL API