Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,969
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

289 advisories

Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper High
CVE-2020-10187 was published for doorkeeper (RubyGems) May 7, 2020
stefansundin nbulaj
Authentication and extension bypass in Faye High
CVE-2020-11020 was published for faye (RubyGems) Apr 29, 2020
BSON rubygem contains potential denial of service High
CVE-2015-4411 was published for bson (RubyGems) Apr 29, 2020
Sort order SQL injection in Administrate High
CVE-2020-5257 was published for administrate (RubyGems) Mar 13, 2020
becojo
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation High
CVE-2020-7595 was published for nokogiri (RubyGems) Feb 24, 2020
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
Prototype Pollution in chartkick High
CVE-2019-18841 was published for chartkick (RubyGems) Dec 2, 2019
JSON-jwt Gem lacked element count during splitting of JWE string High
CVE-2019-18848 was published for json-jwt (RubyGems) Nov 14, 2019
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource High
CVE-2019-18409 was published for ruby_parser-legacy (RubyGems) Oct 25, 2019
samlr XML nodes comment attack High
CVE-2018-20857 was published for samlr (RubyGems) Jul 31, 2019
OS Command Injection in MiniMagick High
CVE-2019-13574 was published for mini_magick (RubyGems) Jul 18, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal High
CVE-2017-11430 was published for omniauth-saml (RubyGems) Jul 5, 2019
Ruby-SAML Improper Authentication vulnerability High
CVE-2017-11428 was published for ruby-saml (RubyGems) Jul 5, 2019
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
RubyGems Escape sequence injection in errors High
CVE-2019-8325 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Code injection in RubyGems High
CVE-2019-8324 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in verbose High
CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in gem owner High
CVE-2019-8322 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in api response handling High
CVE-2019-8323 was published for rubygems-update (RubyGems) Jun 20, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase High
CVE-2015-9284 was published for omniauth (RubyGems) May 29, 2019
G-Rath eugeneius
Improper Certificate Validation in chloride High
CVE-2018-6517 was published for chloride (RubyGems) Mar 25, 2019
ProTip! Advisories are also available from the GraphQL API