
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

289 advisories

OS Command Injection in MiniMagick High
CVE-2019-13574 was published for mini_magick (RubyGems) Jul 18, 2019
samlr XML nodes comment attack High
CVE-2018-20857 was published for samlr (RubyGems) Jul 31, 2019
ruby_parser-legacy Incorrect Permission Assignment for Critical Resource High
CVE-2019-18409 was published for ruby_parser-legacy (RubyGems) Oct 25, 2019
json-jwt gem lacked element count during splitting of JWE string High
CVE-2019-18848 was published for json-jwt (RubyGems) Nov 14, 2019
Prototype Pollution in chartkick High
CVE-2019-18841 was published for chartkick (RubyGems) Dec 2, 2019
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation High
CVE-2020-7595 was published for nokogiri (RubyGems) Feb 24, 2020
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
Sort order SQL injection in Administrate High
CVE-2020-5257 was published for administrate (RubyGems) Mar 13, 2020
BSON rubygem contains potential denial of service High
CVE-2015-4411 was published for bson (RubyGems) Apr 29, 2020
Authentication and extension bypass in Faye High
CVE-2020-11020 was published for faye (RubyGems) Apr 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper High
CVE-2020-10187 was published for doorkeeper (RubyGems) May 7, 2020
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma High
CVE-2020-11076 was published for puma (RubyGems) May 22, 2020
Possible Strong Parameters Bypass in ActionPack High
CVE-2020-8164 was published for actionpack (RubyGems) May 26, 2020
Circumvention of file size limits in ActiveStorage High
CVE-2020-8162 was published for activestorage (RubyGems) May 26, 2020
Regular Expression Denial of Service in websocket-extensions (RubyGem) High
CVE-2020-7663 was published for websocket-extensions (RubyGems) Jun 5, 2020
Cross-site Scripting in Sanitize High
CVE-2020-4054 was published for sanitize (RubyGems) Jun 16, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names High
CVE-2020-8184 was published for rack (RubyGems) Jun 24, 2020
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Remote code execution via user-provided local names in ActionView High
CVE-2020-8163 was published for actionview (RubyGems) Jul 7, 2020
Unsafe object creation in json RubyGem High
CVE-2020-10663 was published for json (RubyGems) Jul 27, 2020
Missing TLS certificate verification High
CVE-2020-15134 was published for faye (RubyGems) Jul 31, 2020
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020
Advisories are also available from the GraphQL API.
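The listing above is the human-readable view; the practical use of the same data is matching the version ranges each advisory carries against what a project actually has installed. The following is an added example, not code from the GitHub Advisory Database page or any GitHub-provided client: it builds the GraphQL query a practitioner would POST to pull RubyGems advisories, then audits a Gemfile.lock against the returned ranges. The query shape (securityVulnerabilities, vulnerableVersionRange, firstPatchedVersion, advisory.ghsaId) is assumed from the public schema and should be checked against the schema explorer; the response and lockfile below are constructed sample data with hypothetical gem names and GHSA identifiers, not real advisories.

```ruby
# Added example (not from the GitHub Advisory Database page or any GitHub
# client). Builds the GraphQL query for RubyGems advisories and matches a
# Gemfile.lock against the returned vulnerable version ranges.
# Assumption: the query fields below follow the public GraphQL schema;
# the response and lockfile are constructed sample data (hypothetical gems).
require "rubygems"
require "json"

# Query to POST to https://api.github.com/graphql with a bearer token.
# Assumed schema shape: verify against the GraphQL explorer before relying on it.
RUBYGEMS_ADVISORY_QUERY = <<~GRAPHQL
  query($after: String) {
    securityVulnerabilities(first: 100, ecosystem: RUBYGEMS, after: $after) {
      pageInfo { hasNextPage endCursor }
      nodes {
        package { name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
        advisory { ghsaId summary severity publishedAt }
      }
    }
  }
GRAPHQL

# Constructed sample response: hypothetical gem names and GHSA ids, not real data.
SAMPLE_RESPONSE = JSON.parse(<<~JSON)
  {"data":{"securityVulnerabilities":{"nodes":[
    {"package":{"name":"demo-web"},"vulnerableVersionRange":">= 2.0.0, < 2.0.5",
     "firstPatchedVersion":{"identifier":"2.0.5"},
     "advisory":{"ghsaId":"GHSA-xxxx-xxxx-xxx1","summary":"Demo header smuggling","severity":"HIGH"}},
    {"package":{"name":"demo-xml"},"vulnerableVersionRange":"< 1.3.0",
     "firstPatchedVersion":null,
     "advisory":{"ghsaId":"GHSA-xxxx-xxxx-xxx2","summary":"Demo XXE","severity":"CRITICAL"}}
  ]}}}
JSON

# Constructed sample Gemfile.lock fragment.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      demo-web (2.0.4)
        demo-server (~> 2.2)
      demo-xml (1.3.0)
      demo-server (2.2.3)
LOCK

# Gemfile.lock resolved specs are the 4-space-indented "name (version)" lines;
# the deeper-indented lines are dependency constraints and are skipped.
def parse_lockfile(text)
  text.each_line.each_with_object({}) do |line, gems|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    gems[m[1]] = Gem::Version.new(m[2]) if m
  end
end

# GitHub ranges are comma-separated RubyGems-style requirements; Gem::Requirement
# takes them as separate operands, so split before constructing it.
def vulnerable?(version, range)
  Gem::Requirement.new(range.split(",").map(&:strip)).satisfied_by?(version)
end

# Returns one hash per installed gem whose version falls inside an advisory range.
def audit(lockfile_text, response)
  installed = parse_lockfile(lockfile_text)
  response.dig("data", "securityVulnerabilities", "nodes").filter_map do |node|
    name = node.dig("package", "name")
    version = installed[name]
    next unless version && vulnerable?(version, node["vulnerableVersionRange"])
    {
      gem: name, version: version.to_s,
      ghsa_id: node.dig("advisory", "ghsaId"),
      severity: node.dig("advisory", "severity"),
      fixed_in: node.dig("firstPatchedVersion", "identifier"), # nil when unpatched
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCKFILE, SAMPLE_RESPONSE).each { |hit| puts hit.inspect }
end
```

On the sample data only demo-web 2.0.4 is reported: demo-xml 1.3.0 sits exactly at the boundary of "< 1.3.0" and is correctly treated as fixed, which is the off-by-one a hand-rolled string comparison tends to get wrong. A real run pages through `hasNextPage`/`endCursor` and audits the full lockfile; a nil `fixed_in` means the advisory has no patched release and the gem needs a mitigation rather than an upgrade.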