GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,079
Erlang
29
GitHub Actions
19
Go
1,905
Maven
5,000+
npm
3,637
NuGet
638
pip
3,256
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,921 advisories
Filter by severity
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2011-2931
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-2929
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2011-2932
was published
for
activesupport
(RubyGems)
Oct 24, 2017
Mail Gem Path Traversal vulnerability
Moderate
CVE-2012-2139
was published
for
mail
(RubyGems)
Oct 24, 2017
Mail Improper Input Validation vulnerability
Moderate
CVE-2011-0739
was published
for
mail
(RubyGems)
Oct 24, 2017
actionpack CRLF injection vulnerability
Moderate
CVE-2011-3186
was published
for
actionpack
(RubyGems)
Oct 24, 2017
gtk2 vulnerable to Use of Externally-Controlled Format String
Moderate
CVE-2007-6183
was published
for
gtk2
(RubyGems)
Oct 24, 2017
Active Record vulnerable to SQL Injection via nested query parameters
Moderate
CVE-2012-2661
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15878
was published
for
keystone
(npm)
Nov 15, 2017
cairo is vulnerable to denial of service due to a null pointer dereference
Moderate
CVE-2017-7475
was published
for
cairo
(RubyGems)
Nov 15, 2017
Cross-Site Scripting in keystone
Moderate
CVE-2017-15881
was published
for
keystone
(npm)
Nov 16, 2017
Gemirro Stored XSS in Gemspec "homepage" value
Moderate
CVE-2017-16833
was published
for
gemirro
(RubyGems)
Nov 29, 2017
Geminabox contains Cross-site Scripting
Moderate
CVE-2017-16792
was published
for
geminabox
(RubyGems)
Nov 29, 2017
private_address_check vulnerable to bypass of Resolv.getaddresses method
Moderate
CVE-2017-0904
was published
for
private_address_check
(RubyGems)
Nov 29, 2017
Moderate severity vulnerability that affects marked
Moderate
CVE-2017-17461
was published
for
marked
(npm)
Jan 4, 2018
•
withdrawn
Marked vulnerable to XSS from data URIs
Moderate
CVE-2017-1000427
was published
for
marked
(npm)
Jan 4, 2018
net-ldap Improper Certificate Validation vulnerability
Moderate
CVE-2017-17718
was published
for
net-ldap
(RubyGems)
Jan 6, 2018
Radiant CMS vulnerable to Cross-site Scripting
Moderate
CVE-2018-5216
was published
for
radiant
(RubyGems)
Jan 6, 2018
Cross-Site Scripting (XSS) in jquery
Moderate
CVE-2015-9251
was published
for
jQuery
(RubyGems)
Jan 22, 2018
Gyazo allows local users to write arbitrary files
Moderate
CVE-2014-4994
was published
for
gyazo
(RubyGems)
Jan 22, 2018
Sinatra Path Traversal vulnerability
Moderate
CVE-2018-7212
was published
for
sinatra
(RubyGems)
Feb 20, 2018
Ox gem stack overflow in sax_parse
Moderate
CVE-2017-16229
was published
for
ox
(RubyGems)
Mar 5, 2018
delayed_job_web Cross-site Scripting vulnerability
Moderate
CVE-2017-12097
was published
for
delayed_job_web
(RubyGems)
Mar 5, 2018
ProTip!
Advisories are also available from the
GraphQL API