GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,089
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
832 advisories
Filter by severity
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
Unsanitized input leading to code injection in Dalli
Low
CVE-2022-4064
was published
for
dalli
(RubyGems)
Nov 19, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
Cross-site Scripting in actionpack
Low
CVE-2022-3704
was published
for
actionpack
(RubyGems)
Oct 27, 2022
•
withdrawn
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Moderate
GHSA-2qc6-mcvw-92cw
was published
for
nokogiri
(RubyGems)
Oct 18, 2022
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Moderate
CVE-2022-39281
was published
for
fat_free_crm
(RubyGems)
Oct 7, 2022
protobuf-java has a potential Denial of Service issue
Moderate
CVE-2022-3171
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Oct 4, 2022
SQLite3 addresses vulnerability in packaged version of libsqlite
Low
GHSA-mgvv-5mxp-xq67
was published
for
sqlite3
(RubyGems)
Oct 3, 2022
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Moderate
GHSA-4qw4-jpp4-8gvp
was published
for
commonmarker
(RubyGems)
Sep 21, 2022
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
High
CVE-2022-39224
was published
for
arr-pm
(RubyGems)
Sep 21, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
PDFKit vulnerable to Command Injection
Critical
CVE-2022-25765
was published
for
pdfkit
(RubyGems)
Sep 10, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Critical
CVE-2020-36599
was published
for
omniauth
(RubyGems)
Aug 19, 2022
update_by_case before 0.1.3 can be vulnerable to sql injection
Moderate
CVE-2022-35956
was published
for
update_by_case
(RubyGems)
Aug 11, 2022
administrate vulnerable to Cross-Site Request Forgery
Moderate
CVE-2016-3098
was published
for
administrate
(RubyGems)
Aug 6, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Moderate
CVE-2020-35305
was published
for
gollum
(RubyGems)
Jul 16, 2022
Active Record RCE bug with Serialized Columns
Critical
CVE-2022-32224
was published
for
activerecord
(RubyGems)
Jul 12, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
Moderate
CVE-2013-4170
was published
for
ember-source
(RubyGems)
Jul 1, 2022
OS Command Injection in awesome spawn
Critical
CVE-2014-0156
was published
for
awesome_spawn
(RubyGems)
Jul 1, 2022
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Moderate
CVE-2021-3779
was published
for
ruby-mysql
(RubyGems)
Jun 29, 2022
ProTip!
Advisories are also available from the
GraphQL API