GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
864 advisories
Filter by severity
StimulusReflex arbitrary method call
High
CVE-2024-28121
was published
for
stimulus_reflex
(RubyGems)
Mar 12, 2024
TurboBoost Commands vulnerable to arbitrary method invocation
High
CVE-2024-28181
was published
for
@turbo-boost/commands
(RubyGems)
Mar 15, 2024
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
High
CVE-2024-28199
was published
for
phlex
(RubyGems)
Mar 12, 2024
discordrb OS Command Injection vulnerability
Critical
CVE-2023-28102
was published
for
discordrb
(RubyGems)
Mar 14, 2024
Path Traversal vulnerability that affects yard
High
CVE-2019-1020001
was published
for
yard
(RubyGems)
Jul 2, 2019
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Moderate
CVE-2023-51774
was published
for
json-jwt
(RubyGems)
Feb 29, 2024
Rack CORS Middleware has Insecure File Permissions
Moderate
CVE-2024-27456
was published
for
rack-cors
(RubyGems)
Feb 26, 2024
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Low
CVE-2024-26142
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Sisimai Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2022-4891
was published
for
sisimai
(RubyGems)
Jan 17, 2023
Oxidized Web vulnerable to Cross-site Scripting
Moderate
CVE-2019-25088
was published
for
oxidized-web
(RubyGems)
Dec 27, 2022
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Low
CVE-2024-26146
was published
for
rack
(RubyGems)
Feb 28, 2024
Rack has possible DoS Vulnerability with Range Header
Low
CVE-2024-26141
was published
for
rack
(RubyGems)
Feb 28, 2024
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability
Moderate
CVE-2019-10226
was published
for
fat_free_crm
(RubyGems)
May 24, 2022
•
withdrawn
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
CVE-2023-51447
was published
for
decidim
(RubyGems)
Feb 20, 2024
Possible CSRF attack at questionnaire templates preview
Moderate
CVE-2023-47635
was published
for
decidim-templates
(RubyGems)
Feb 20, 2024
Possibility to circumvent the invitation token expiry period
Moderate
CVE-2023-48220
was published
for
decidim
(RubyGems)
Feb 20, 2024
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
actionpack Open Redirect in Host Authorization Middleware
Moderate
CVE-2021-44528
was published
for
actionpack
(RubyGems)
Dec 14, 2021
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
rails vulnerable to improper authentication
Critical
CVE-2009-2422
was published
for
rails
(RubyGems)
Oct 24, 2017
Chef Improper Access Control vulnerability
Moderate
CVE-2010-5142
was published
for
chef
(RubyGems)
May 17, 2022
WEBrick Denial of Service Vulnerability
High
CVE-2008-4310
was published
for
webrick
(RubyGems)
May 2, 2022
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Puppet arbitrary files overwrite via a symlink attack
Low
CVE-2010-0156
was published
for
puppet
(RubyGems)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API