GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
832 advisories
Gitaly Insufficient Session Expiration vulnerability (Low): CVE-2020-13353 was published for gitaly (RubyGems), May 24, 2022.
WEBRick vulnerable to HTTP Request/Response Smuggling (High): CVE-2020-25613 was published for webrick (RubyGems), May 24, 2022.
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party (Critical): CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems), May 24, 2022.
papercrop does not properly handle crop input (Critical): CVE-2015-2784 was published for papercrop (RubyGems), May 24, 2022.
Nokogiri implementation of libxslt vulnerable to heap corruption (High): CVE-2019-5815 was published for nokogiri (RubyGems), May 24, 2022.
Katello cleartext password storage issue (Low): CVE-2019-14825 was published for katello (RubyGems), May 24, 2022.
Missing Initialization of Resource in Apache Arrow (High): CVE-2019-12410 was published for pyarrow (RubyGems), May 24, 2022.
Missing Initialization of Resource in Apache Arrow (High): CVE-2019-12408 was published for pyarrow (RubyGems), May 24, 2022.
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability (High): CVE-2019-18197 was published for nokogiri (RubyGems), May 24, 2022.
Devise Token Auth vulnerable to Cross-site Scripting (Moderate): CVE-2019-16751 was published for devise_token_auth (RubyGems), May 24, 2022.
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation (High): CVE-2019-7615 was published for elastic-apm (RubyGems), May 24, 2022.
libxslt Type Confusion vulnerability that affects Nokogiri (High): CVE-2019-13118 was published for nokogiri (RubyGems), May 24, 2022.
Uninitialized read in Nokogiri gem (High): CVE-2019-13117 was published for nokogiri (RubyGems), May 24, 2022.
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability (Moderate): CVE-2019-10226 was published for fat_free_crm (RubyGems), May 24, 2022 (withdrawn).
Publify has Improper Access Controls (Moderate): CVE-2022-1810 was published for publify_core (RubyGems), May 24, 2022.
Publify vulnerable to cross site scripting (Critical): CVE-2022-1811 was published for publify_core (RubyGems), May 24, 2022.
Nokogiri Improperly Handles Unexpected Data Type (High): CVE-2022-29181 was published for nokogiri (RubyGems), May 23, 2022.
Insecure PRNG use in random_password_generator (High): CVE-2019-25061 was published for random_password_generator (RubyGems), May 19, 2022.
Integer Overflow or Wraparound in libxml2 affects Nokogiri (High): GHSA-cgx6-hpwq-fhv5 was published for nokogiri (RubyGems), May 18, 2022.
Publify vulnerable to DoS attack (High): CVE-2014-3211 was published for publify_core (RubyGems), May 17, 2022.
openshift-origin-node Improper Input Validation vulnerability (Moderate): CVE-2014-0084 was published for openshift-origin-node (RubyGems), May 17, 2022.
Spree does not properly restrict the use of a hash to provide values for a model's attributes (Moderate): CVE-2008-7310 was published for spree (RubyGems), May 17, 2022.
Spree uses a hardcoded hash value (Moderate): CVE-2008-7311 was published for spree (RubyGems), May 17, 2022.
Chef Improper Access Control vulnerability (Moderate): CVE-2010-5142 was published for chef (RubyGems), May 17, 2022.
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles (Moderate): CVE-2013-2506 was published for spree_auth_devise (RubyGems), May 17, 2022.
ProTip! Advisories are also available from the GraphQL API.