GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
388 advisories
Fat Free CRM has fixed token value
Moderate. CVE-2013-7222 was published for fat_free_crm (RubyGems) on May 17, 2022.

Fat Free CRM contains Cross-site Request Forgery vulnerabilities
Moderate. CVE-2013-7223 was published for fat_free_crm (RubyGems) on May 17, 2022.

Fat Free CRM vulnerable to SQL Injection
Moderate. CVE-2013-7225 was published for fat_free_crm (RubyGems) on May 17, 2022.

Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Moderate. CVE-2013-7224 was published for fat_free_crm (RubyGems) on May 17, 2022.

Fat Free CRM vulnerable to Exposure of Sensitive Information
Moderate. CVE-2013-7249 was published for fat_free_crm (RubyGems) on May 17, 2022.

RubyGems HTTPS to HTTP redirect
Moderate. CVE-2012-2125 was published for rubygems-update (RubyGems) on May 17, 2022.

RubyGems does not verify SSL certificate
Moderate. CVE-2012-2126 was published for rubygems-update (RubyGems) on May 17, 2022.

GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed
Moderate. CVE-2013-4489 was published for gitlab-grit (RubyGems) on May 17, 2022.

Fat Free CRM subject to Cross-site Scripting
Moderate. CVE-2014-5441 was published for fat_free_crm (RubyGems) on May 17, 2022.

Sup Code Injection vulnerability
Moderate. CVE-2013-4479 was published for sup (RubyGems) on May 17, 2022.

ccsv Double Free vulnerability
Moderate. CVE-2017-15364 was published for ccsv (RubyGems) on May 17, 2022.

RubyGems Regular Expression Denial of Service
Moderate. CVE-2013-4363 was published for rubygems-update (RubyGems) on May 17, 2022.

RubyGems Improper Input Validation vulnerability
Moderate. CVE-2015-4020 was published for rubygems-update (RubyGems) on May 17, 2022.

Publify exposes article metadata
Moderate. CVE-2022-1553 was published for publify_core (RubyGems) on May 17, 2022.

Publify Incorrect Authorization
Moderate. CVE-2022-0574 was published for publify_core (RubyGems) on May 17, 2022.

Publify vulnerable to code injection
Moderate. CVE-2022-0578 was published for publify_core (RubyGems) on May 17, 2022.

VladTheEnterprising allows local users to write to arbitrary files via a symlink attack
Moderate. CVE-2014-4996 was published for VladTheEnterprising (RubyGems) on May 14, 2022.

ldap_fluff authentication bypass
Moderate. CVE-2012-5604 was published for ldap_fluff (RubyGems) on May 14, 2022.

Ember.js Cross-site Scripting vulnerability
Moderate. CVE-2014-0013 was published for ember-source (RubyGems) on May 14, 2022.

xapian-core Cross-site Scripting vulnerability
Moderate. CVE-2018-0499 was published for xapian-core (RubyGems) on May 14, 2022.

Fat Free CRM Cross-Site Request Forgery vulnerability
Moderate. CVE-2015-1585 was published for fat_free_crm (RubyGems) on May 14, 2022.

Spree allows remote attackers to obtain sensitive information
Moderate. CVE-2010-3978 was published for spree (RubyGems) on May 14, 2022.

ember-source Cross-site Scripting vulnerability
Moderate. CVE-2014-0014 was published for ember-source (RubyGems) on May 14, 2022.

AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
Moderate. CVE-2018-18307 was published for alchemy_cms (RubyGems) on May 14, 2022.

RubyGems Path Traversal vulnerability
Moderate. CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) on May 14, 2022.

ProTip! Advisories are also available from the GraphQL API.