GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,693 advisories
Filter by severity
actionpack Cross-Site Request Forgery vulnerability
Moderate
CVE-2011-0447
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Improper Input Validation in actionpack
Moderate
CVE-2008-7248
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross-site Scripting vulnerability in i18n translations helper method
Moderate
CVE-2011-4319
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Rails activerecord gem has Improper Input Validation vulnerability
Moderate
CVE-2010-3933
was published
for
activerecord
(RubyGems)
Oct 24, 2017
rails Cross-site Scripting vulnerability
Moderate
CVE-2011-2197
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross site scripting that affects rails
Moderate
CVE-2009-3009
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross-site Scripting in jquery-ui
Moderate
CVE-2010-5312
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects rails
Moderate
CVE-2009-4214
was published
for
rails
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects rails
Moderate
CVE-2007-3227
was published
for
rails
(RubyGems)
Oct 24, 2017
rails is vulnerable to CRLF injection
Moderate
CVE-2008-5189
was published
for
rails
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects rails
Moderate
CVE-2007-5379
was published
for
rails
(RubyGems)
Oct 24, 2017
Session fixation vulnerability in Rails
Moderate
CVE-2007-5380
was published
for
rails
(RubyGems)
Oct 24, 2017
session fixation protection mechanism in cgi_process.rb in Rails
Moderate
CVE-2007-6077
was published
for
rails
(RubyGems)
Oct 24, 2017
Rails actionpack gem vulnerable to Cross-site Scripting
Moderate
CVE-2011-0446
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack and activesupport vulnerable to information leaks
Moderate
CVE-2009-3086
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Rack Vulnerable to Path Traversal
Moderate
CVE-2013-0262
was published
for
rack
(RubyGems)
Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
Moderate
CVE-2012-3867
was published
for
puppet
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-1855
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack vulnerable to Cross-site Scripting
Moderate
CVE-2013-4491
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Active Record Improper Input Validation
Moderate
CVE-2013-1854
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service
Moderate
CVE-2013-4761
was published
for
puppet
(RubyGems)
Oct 24, 2017
Active Record allows bypassing of database-query restrictions
Moderate
CVE-2013-0155
was published
for
activerecord
(RubyGems)
Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes
Moderate
CVE-2013-0276
was published
for
activerecord
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2012-3463
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API