GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and are not used by the Dependabot service; only GitHub-reviewed advisories feed Dependabot alerts.
GitHub-reviewed advisories by ecosystem (counts as shown on the page): all reviewed 5,000+; Composer 3,980; Erlang 29; GitHub Actions 16; Go 1,769; Maven 4,994; npm 3,540; NuGet 616; pip 3,110; Pub 10; RubyGems 837; Rust 787; Swift 34. Unreviewed advisories: 5,000+.
289 advisories match the current filter (GitHub-reviewed, RubyGems ecosystem, High severity). The first page of results follows; each entry gives the CVE identifier, severity, affected gem, the date the advisory was published in the database, and the advisory title.
CVE             Severity  Package (RubyGems)     Published     Advisory
CVE-2020-8184   High      rack                   Jun 24, 2020  Rack allows percent-encoded cookies to overwrite existing prefixed cookie names
CVE-2016-5697   High      ruby-saml              Aug 21, 2018  ruby-saml allows attackers to perform XML signature wrapping attacks
CVE-2017-15928  High      ox                     Nov 21, 2017  Ox gem crashes due to crafted input
CVE-2017-18076  High      omniauth               Jan 29, 2018  OmniAuth allows POST parameters to be stored in the session
CVE-2017-15412  High      nokogiri               May 14, 2022  Nokogiri gem, via libxml, is affected by DoS vulnerabilities
CVE-2018-14404  High      nokogiri               Jan 17, 2019  Nokogiri NULL pointer dereference
CVE-2015-5312   High      nokogiri               Aug 21, 2018  Nokogiri subject to DoS via libxml2 vulnerability
CVE-2019-18409  High      ruby_parser-legacy     Oct 25, 2019  ruby_parser-legacy incorrect permission assignment for critical resource
CVE-2019-18848  High      json-jwt               Nov 14, 2019  json-jwt gem lacked an element-count check when splitting a JWE string
CVE-2015-3900   High      rubygems-update        May 14, 2022  RubyGems vulnerable to DNS hijack attack
CVE-2021-31671  High      pgsync                 Apr 27, 2021  pgsync contains cleartext transmission of sensitive information
CVE-2022-0524   High      publify_core           Feb 9, 2022   Publify business logic errors
CVE-2018-3759   High      private_address_check  Jul 31, 2018  private_address_check contains race condition
CVE-2015-4410   High      moped                  Aug 19, 2020  Moped data injection vulnerability
CVE-2013-0285   High      nori                   Oct 24, 2017  nori contains improper input validation
CVE-2015-4411   High      bson                   Apr 29, 2020  BSON gem contains potential denial of service
CVE-2021-23435  High      clearance              Sep 13, 2021  Clearance gem open redirect vulnerability
CVE-2013-0333   High      activesupport          Oct 24, 2017  activesupport in Rails vulnerable to incorrect data conversion
CVE-2022-44566  High      activerecord           Jan 18, 2023  Denial of service vulnerability in ActiveRecord's PostgreSQL adapter
CVE-2019-5418   High      actionview             Mar 13, 2019  Path traversal in Action View
CVE-2021-22904  High      actionpack             May 5, 2021   Possible DoS vulnerability in Action Controller token authentication
CVE-2021-22902  High      actionpack             May 5, 2021   Denial of service in Action Dispatch
CVE-2020-13482  High      em-http-request        May 24, 2021  Improper certificate validation in em-http-request
Advisories are also available from the GitHub GraphQL API, which is the practical way to match a project's locked gem versions against the vulnerable version ranges behind a listing like this one.
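As an added example (the editor's code, not GitHub's or any gem's), the following Ruby script shows the query shape for pulling High-severity RubyGems advisories from the GraphQL API and then matches the returned vulnerable version ranges against the gems pinned in a Gemfile.lock. The GraphQL field and argument names are written against the public schema as the editor understands it and are an assumption to verify against the schema docs; the API response and the Gemfile.lock fragment below are constructed sample data with invented package names and identifiers, so the script runs offline and nothing in it is a real advisory.

```ruby
require "json"

# GraphQL query for GitHub-reviewed RubyGems advisories rated High. Field and argument
# names follow the public schema as the author understands it (assumption: check the
# schema before relying on it). Send it with a token to https://api.github.com/graphql;
# the offline part of this example never calls the network.
ADVISORY_QUERY = <<~GRAPHQL
  query($severities: [SecurityAdvisorySeverity!], $first: Int!) {
    securityVulnerabilities(ecosystem: RUBYGEMS, severities: $severities, first: $first) {
      nodes {
        advisory { ghsaId summary severity publishedAt identifiers { type value } }
        package { name ecosystem }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
      }
    }
  }
GRAPHQL
QUERY_VARIABLES = { severities: ["HIGH"], first: 100 }.freeze

# CONSTRUCTED sample response in the shape the query asks for. Package names,
# identifiers, ranges and dates are invented; none of them is a real advisory.
SAMPLE_RESPONSE = <<~JSON
  {"data":{"securityVulnerabilities":{"nodes":[
    {"advisory":{"ghsaId":"GHSA-0000-0000-0001","summary":"example cookie overwrite","severity":"HIGH",
      "publishedAt":"2020-01-01T00:00:00Z","identifiers":[{"type":"GHSA","value":"GHSA-0000-0000-0001"},{"type":"CVE","value":"CVE-0000-0001"}]},
     "package":{"name":"examplerack","ecosystem":"RUBYGEMS"},
     "vulnerableVersionRange":">= 2.0.0, < 2.0.9","firstPatchedVersion":{"identifier":"2.0.9"}},
    {"advisory":{"ghsaId":"GHSA-0000-0000-0002","summary":"example XML DoS","severity":"HIGH",
      "publishedAt":"2020-01-02T00:00:00Z","identifiers":[{"type":"GHSA","value":"GHSA-0000-0000-0002"}]},
     "package":{"name":"examplexml","ecosystem":"RUBYGEMS"},
     "vulnerableVersionRange":"< 1.10.0","firstPatchedVersion":{"identifier":"1.10.0"}},
    {"advisory":{"ghsaId":"GHSA-0000-0000-0003","summary":"example signature wrapping","severity":"HIGH",
      "publishedAt":"2020-01-03T00:00:00Z","identifiers":[{"type":"CVE","value":"CVE-0000-0003"}]},
     "package":{"name":"examplesaml","ecosystem":"RUBYGEMS"},
     "vulnerableVersionRange":"< 1.3.0","firstPatchedVersion":{"identifier":"1.3.0"}},
    {"advisory":{"ghsaId":"GHSA-0000-0000-0004","summary":"example JWE splitting","severity":"HIGH",
      "publishedAt":"2020-01-04T00:00:00Z","identifiers":[{"type":"CVE","value":"CVE-0000-0004"}]},
     "package":{"name":"examplejwt","ecosystem":"RUBYGEMS"},
     "vulnerableVersionRange":"< 1.11.0","firstPatchedVersion":null}
  ]}}}
JSON

# CONSTRUCTED Gemfile.lock fragment. Top-level specs are indented four spaces and
# their dependencies six, which is how the parser below tells them apart.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplejwt (1.10.0)
      examplerack (2.0.8)
      examplexml (1.13.3-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.2)
LOCK

# Parse top-level gem versions out of the specs section. Platform-specific entries
# such as "1.13.3-x86_64-linux" keep only the version in front of the platform.
def locked_versions(lockfile_text)
  lockfile_text.each_line.each_with_object({}) do |line, versions|
    next unless (m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/))
    versions[m[1]] = Gem::Version.new(m[2].split("-").first)
  end
end

# Turn an advisory range such as ">= 2.0.0, < 2.0.9" into a Gem::Requirement.
def requirement_for(range)
  Gem::Requirement.new(*range.split(",").map(&:strip))
end

# Return one entry per advisory whose vulnerable range covers a locked version.
# A missing firstPatchedVersion (no fix released yet) is reported as nil.
def vulnerable_entries(response_json, versions)
  nodes = JSON.parse(response_json).dig("data", "securityVulnerabilities", "nodes")
  nodes.filter_map do |node|
    name = node.dig("package", "name")
    locked = versions[name]
    next unless locked && requirement_for(node["vulnerableVersionRange"]).satisfied_by?(locked)
    cve = node.dig("advisory", "identifiers").find { |id| id["type"] == "CVE" }
    {
      package: name,
      locked: locked.to_s,
      fixed: node.dig("firstPatchedVersion", "identifier"),
      ghsa: node.dig("advisory", "ghsaId"),
      cve: cve && cve["value"],
      summary: node.dig("advisory", "summary"),
    }
  end
end

def report
  vulnerable_entries(SAMPLE_RESPONSE, locked_versions(SAMPLE_LOCKFILE))
end

if __FILE__ == $PROGRAM_NAME
  report.each do |e|
    puts "#{e[:package]} #{e[:locked]} affected by #{e[:cve] || e[:ghsa]} (#{e[:summary]}); " \
         "fixed in #{e[:fixed] || 'no patched version yet'}"
  end
end
```

With the constructed data, only examplerack 2.0.8 and examplejwt 1.10.0 are reported: examplexml 1.13.3 falls outside its range and examplesaml is not in the lockfile. The range check relies on Gem::Requirement, which is the same comparison Bundler uses, so prerelease and multi-segment versions are handled the way RubyGems itself handles them.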