GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
833 advisories
Filter by severity
Possible code injection vulnerability in Rails / Active Storage
Critical
CVE-2022-21831
was published
for
activestorage
(RubyGems)
Mar 8, 2022
apollo_upload_server has Denial of Service vulnerability
Moderate
CVE-2021-39880
was published
for
apollo_upload_server
(RubyGems)
May 24, 2022
Content Injection via TileJSON Name in mapbox.js
Moderate
CVE-2017-1000043
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js
Moderate
CVE-2017-1000042
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
redcarpet Buffer Overflow vulnerability
High
CVE-2015-5147
was published
for
redcarpet
(RubyGems)
Aug 15, 2018
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
qiita-markdown Cross-site Scripting vulnerability
Moderate
CVE-2021-28833
was published
for
qiita-markdown
(RubyGems)
Aug 2, 2021
unpoly-rails Denial of Service vulnerability
Moderate
CVE-2023-28846
was published
for
unpoly-rails
(RubyGems)
Mar 30, 2023
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Moderate
GHSA-pxvg-2qj5-37jq
was published
for
nokogiri
(RubyGems)
Apr 11, 2023
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Moderate
GHSA-48wp-p9qv-4j64
was published
for
commonmarker
(RubyGems)
Apr 11, 2023
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
Cross-site Scripting Vulnerability in Action Pack
Moderate
CVE-2022-22577
was published
for
actionpack
(RubyGems)
Apr 27, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Critical
CVE-2022-32511
was published
for
jmespath
(RubyGems)
Jun 7, 2022
ember-source Cross-site Scripting vulnerability
Moderate
CVE-2014-0014
was published
for
ember-source
(RubyGems)
May 14, 2022
protobuf-java has a potential Denial of Service issue
Moderate
CVE-2022-3171
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Oct 4, 2022
Fat Free CRM Cross-Site Request Forgery vulnerability
Moderate
CVE-2015-1585
was published
for
fat_free_crm
(RubyGems)
May 14, 2022
Buffer overflow in sponge queue functions
Critical
CVE-2022-37454
was published
for
pysha3
(RubyGems)
Apr 26, 2023
Missing Authentication for Critical Function in Foreman Ansible
High
CVE-2021-3589
was published
for
foreman_ansible
(RubyGems)
Mar 24, 2022
Remote shell execution vulnerability in image_processing
Critical
CVE-2022-24720
was published
for
image_processing
(RubyGems)
Mar 1, 2022
Cross-Site Scripting in Kaminari
Moderate
CVE-2020-11082
was published
for
kaminari
(RubyGems)
May 28, 2020
CSV-Safe improperly filters special characters potentially leading to CSV injection
Critical
CVE-2022-28481
was published
for
csv-safe
(RubyGems)
May 3, 2022
Improper one time password handling in devise-two-factor
Moderate
CVE-2021-43177
was published
for
devise-two-factor
(RubyGems)
Apr 7, 2022
Command injection in cocoapods-downloader
High
CVE-2022-21223
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
ProTip!
Advisories are also available from the
GraphQL API