Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

833 advisories

Loading
Possible code injection vulnerability in Rails / Active Storage Critical
CVE-2022-21831 was published for activestorage (RubyGems) Mar 8, 2022
sergey-alekseev
apollo_upload_server has Denial of Service vulnerability Moderate
CVE-2021-39880 was published for apollo_upload_server (RubyGems) May 24, 2022
jasnow
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
redcarpet Buffer Overflow vulnerability High
CVE-2015-5147 was published for redcarpet (RubyGems) Aug 15, 2018
tdunlap607
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization High
CVE-2022-31115 was published for opensearch-ruby (RubyGems) Jul 5, 2022
tdunlap607
qiita-markdown Cross-site Scripting vulnerability Moderate
CVE-2021-28833 was published for qiita-markdown (RubyGems) Aug 2, 2021
tdunlap607
unpoly-rails Denial of Service vulnerability Moderate
CVE-2023-28846 was published for unpoly-rails (RubyGems) Mar 30, 2023
codener triskweline
moritz-makandra fheinle-mak
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs Moderate
GHSA-pxvg-2qj5-37jq was published for nokogiri (RubyGems) Apr 11, 2023
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service Moderate
GHSA-48wp-p9qv-4j64 was published for commonmarker (RubyGems) Apr 11, 2023
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js Critical
CVE-2015-8857 was published for uglifier (RubyGems) Oct 24, 2017
Cross-site Scripting Vulnerability in Action Pack Moderate
CVE-2022-22577 was published for actionpack (RubyGems) Apr 27, 2022
tdunlap607
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
ember-source Cross-site Scripting vulnerability Moderate
CVE-2014-0014 was published for ember-source (RubyGems) May 14, 2022
tdunlap607
protobuf-java has a potential Denial of Service issue Moderate
CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems) Oct 4, 2022
Fat Free CRM Cross-Site Request Forgery vulnerability Moderate
CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022
tdunlap607
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
Missing Authentication for Critical Function in Foreman Ansible High
CVE-2021-3589 was published for foreman_ansible (RubyGems) Mar 24, 2022
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
Cross-Site Scripting in Kaminari Moderate
CVE-2020-11082 was published for kaminari (RubyGems) May 28, 2020
viseztrance sonalkr132
CSV-Safe improperly filters special characters potentially leading to CSV injection Critical
CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022
SQL injection in blazer High
CVE-2022-29498 was published for blazer (RubyGems) Apr 22, 2022
tdunlap607
Improper one time password handling in devise-two-factor Moderate
CVE-2021-43177 was published for devise-two-factor (RubyGems) Apr 7, 2022
Command injection in cocoapods-downloader High
CVE-2022-21223 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
ProTip! Advisories are also available from the GraphQL API