GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,969
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
Improper Restriction of Excessive Authentication Attempts in Sorcery
High
CVE-2020-11052
was published
for
sorcery
(RubyGems)
May 7, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
High
CVE-2020-10187
was published
for
doorkeeper
(RubyGems)
May 7, 2020
Authentication and extension bypass in Faye
High
CVE-2020-11020
was published
for
faye
(RubyGems)
Apr 29, 2020
BSON rubygem contains potential denial of service
High
CVE-2015-4411
was published
for
bson
(RubyGems)
Apr 29, 2020
Sort order SQL injection in Administrate
High
CVE-2020-5257
was published
for
administrate
(RubyGems)
Mar 13, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
High
CVE-2020-7595
was published
for
nokogiri
(RubyGems)
Feb 24, 2020
XSS/Script injection vulnerability in matestack
High
CVE-2020-5241
was published
for
matestack-ui-core
(RubyGems)
Feb 12, 2020
Prototype Pollution in chartkick
High
CVE-2019-18841
was published
for
chartkick
(RubyGems)
Dec 2, 2019
JSON-jwt Gem lacked element count during splitting of JWE string
High
CVE-2019-18848
was published
for
json-jwt
(RubyGems)
Nov 14, 2019
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
High
CVE-2019-18409
was published
for
ruby_parser-legacy
(RubyGems)
Oct 25, 2019
OS Command Injection in MiniMagick
High
CVE-2019-13574
was published
for
mini_magick
(RubyGems)
Jul 18, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal
High
CVE-2017-11430
was published
for
omniauth-saml
(RubyGems)
Jul 5, 2019
Ruby-SAML Improper Authentication vulnerability
High
CVE-2017-11428
was published
for
ruby-saml
(RubyGems)
Jul 5, 2019
Path Traversal vulnerability that affects yard
High
CVE-2019-1020001
was published
for
yard
(RubyGems)
Jul 2, 2019
RubyGems Escape sequence injection in errors
High
CVE-2019-8325
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Delete directory using symlink when decompressing tar
High
CVE-2019-8320
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Code injection in RubyGems
High
CVE-2019-8324
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Escape sequence injection vulnerability in verbose
High
CVE-2019-8321
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Escape sequence injection vulnerability in gem owner
High
CVE-2019-8322
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Escape sequence injection vulnerability in api response handling
High
CVE-2019-8323
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Improper Certificate Validation in chloride
High
CVE-2018-6517
was published
for
chloride
(RubyGems)
Mar 25, 2019
ProTip!
Advisories are also available from the
GraphQL API