GitHub Advisory Database
A security vulnerability database that includes CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,749; Maven 4,978; npm 3,509; NuGet 609; pip 3,084; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
388 advisories
Improper neutralization of `noscript` element content may allow XSS in Sanitize. Moderate. CVE-2023-23627 was published for sanitize (RubyGems) on Jan 28, 2023.
Rack arbitrary code execution via timing attack. Moderate. CVE-2013-0263 was published for rack (RubyGems) on May 5, 2022.
Publify contains Weak Password Requirements. Moderate. CVE-2023-0569 was published for publify_core (RubyGems) on Jan 29, 2023.
rails-html-sanitizer Cross-site Scripting vulnerability. Moderate. CVE-2018-3741 was published for rails-html-sanitizer (RubyGems) on Apr 26, 2018.
sprockets vulnerable to Path Traversal. Moderate. CVE-2014-7819 was published for sprockets (RubyGems) on Oct 24, 2017.
Camaleon CMS vulnerable to Server-Side Request Forgery. Moderate. CVE-2021-25972 was published for camaleon_cms (RubyGems) on May 24, 2022.
Camaleon CMS vulnerable to Stored Cross-site Scripting. Moderate. CVE-2018-18260 was published for camaleon_cms (RubyGems) on May 13, 2022.
Camaleon CMS vulnerable to Uncaught Exception. Moderate. CVE-2021-25971 was published for camaleon_cms (RubyGems) on May 24, 2022.
katello SQL Injection vulnerability. Moderate. CVE-2018-14623 was published for katello (RubyGems) on May 13, 2022.
administrate vulnerable to Cross-Site Request Forgery. Moderate. CVE-2016-3098 was published for administrate (RubyGems) on Aug 6, 2022.
katello Cross-site Scripting vulnerability. Moderate. CVE-2018-16887 was published for katello (RubyGems) on May 14, 2022.
xapian-core Cross-site Scripting vulnerability. Moderate. CVE-2018-0499 was published for xapian-core (RubyGems) on May 14, 2022.
ccsv Double Free vulnerability. Moderate. CVE-2017-15364 was published for ccsv (RubyGems) on May 17, 2022.
RubyGems file overwrite vulnerability. Moderate. CVE-2007-0469 was published for rubygems-update (RubyGems) on May 1, 2022.
Rack vulnerable to Denial of Service. Moderate. CVE-2013-0184 was published for rack (RubyGems) on May 5, 2022.
Gem in a Box vulnerable to Cross-site Scripting. Moderate. CVE-2017-14506 was published for geminabox (RubyGems) on May 13, 2022.
RubyGems Path Traversal vulnerability. Moderate. CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) on May 14, 2022.
RubyGems Improper Input Validation vulnerability. Moderate. CVE-2018-1000077 was published for org.jruby:jruby-stdlib (RubyGems) on May 14, 2022.
RubyGems Cross-site Scripting vulnerability. Moderate. CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) on May 14, 2022.
Doorkeeper-openid_connect contains Open Redirect. Moderate. CVE-2019-9837 was published for doorkeeper-openid_connect (RubyGems) on Mar 25, 2019.
Gollum Exposure of Sensitive Information. Moderate. CVE-2015-7314 was published for gollum (RubyGems) on Aug 28, 2018.
grape subject to Cross-site Scripting. Moderate. CVE-2018-3769 was published for grape (RubyGems) on Aug 13, 2018.
Geminabox contains Cross-site Scripting. Moderate. CVE-2017-16792 was published for geminabox (RubyGems) on Nov 29, 2017.
Possible XSS Security Vulnerability in SafeBuffer#bytesplice. Moderate. CVE-2023-28120 was published for activesupport (RubyGems) on Mar 15, 2023.
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails. Moderate. CVE-2014-4920 was published for twitter-bootstrap-rails (RubyGems) on Mar 16, 2023.
Advisories are also available from the GraphQL API.