GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

289 advisories

Karteek Docsplit vulnerable to OS Command Injection (High)
CVE-2013-1933 was published for karteek-docsplit (RubyGems) on May 17, 2022
Fileutils Command Injection vulnerability (High)
CVE-2013-2516 was published for fileutils (RubyGems) on May 14, 2022
Publify vulnerable to DoS attack (High)
CVE-2014-3211 was published for publify_core (RubyGems) on May 17, 2022
Fluent Fluentd and Fluent-ui use default password (High)
CVE-2020-21514 was published for fluentd (RubyGems) on Apr 4, 2023
Ruby-ffi has a DLL loading issue (High)
CVE-2018-1000201 was published for ffi (RubyGems) on Aug 31, 2018
actionpack is vulnerable to denial of service via a crafted HTTP Accept header (High)
CVE-2016-0751 was published for actionpack (RubyGems) on Oct 24, 2017
Aescrypt does not sufficiently use random values (High)
CVE-2013-7463 was published for aescrypt (RubyGems) on Oct 24, 2017
WEBrick RCE Vulnerability (High)
CVE-2017-10784 was published for webrick (RubyGems) on May 14, 2022
Nokogiri implements libxml2 version vulnerable to use-after-free (High)
CVE-2021-3518 was published for nokogiri (RubyGems) on May 24, 2022
Puma used with Rails may lead to Information Exposure (High)
CVE-2022-23634 was published for puma (RubyGems) on Feb 11, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption (High)
CVE-2019-5815 was published for nokogiri (RubyGems) on May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability (High)
CVE-2019-18197 was published for nokogiri (RubyGems) on May 24, 2022
Incorrect Access Control in Phusion Passenger (High)
CVE-2018-12028 was published for passenger (RubyGems) on May 13, 2022
Nokogiri Inefficient Regular Expression Complexity (High)
CVE-2022-24836 was published for nokogiri (RubyGems) on Apr 11, 2022
Remote code execution via user-provided local names in ActionView (High)
CVE-2020-8163 was published for actionview (RubyGems) on Jul 7, 2020
Insecure path handling in Bundler (High)
CVE-2019-3881 was published for bundler (RubyGems) on May 10, 2021
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability (High)
CVE-2021-22885 was published for actionpack (RubyGems) on May 5, 2021
RubyGems passenger gem allows remote attackers to delete files (High)
CVE-2012-6135 was published for passenger (RubyGems) on Apr 23, 2022
Circumvention of file size limits in ActiveStorage (High)
CVE-2020-8162 was published for activestorage (RubyGems) on May 26, 2020
Arbitrary file read vulnerability in yard server (High)
CVE-2017-17042 was published for yard (RubyGems) on Dec 21, 2017
ActiveRecord in Ruby on Rails allows database-query bypass (High)
CVE-2016-6317 was published for activerecord (RubyGems) on Oct 24, 2017
Nokogiri implementation of libxslt lacks integer overflow checks (High)
CVE-2017-5029 was published for nokogiri (RubyGems) on Jul 31, 2018
Cap-Strap gem for Ruby places credentials on the useradd command line (High)
CVE-2014-4992 was published for cap-strap (RubyGems) on Mar 16, 2018
codders-dataset Process Table Local Plaintext Credential Disclosure (High)
CVE-2014-4991 was published for codders-dataset (RubyGems) on May 14, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution (High)
CVE-2015-3649 was published for open-uri-cached (RubyGems) on May 13, 2022