GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
289 advisories
Title | Severity | CVE | Package (ecosystem) | Published
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module | High | CVE-2020-7385 | metasploit-framework (RubyGems) | May 24, 2022
sinatra does not validate expanded path matches | High | CVE-2022-29970 | sinatra (RubyGems) | May 3, 2022
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls | High | CVE-2020-15269 | spree (RubyGems) | Oct 20, 2020
Cross-Site Request Forgery (CSRF) in trestle-auth | High | CVE-2021-29435 | trestle-auth (RubyGems) | Apr 13, 2021
ReDoS vulnerability on guest checkout email validation | High | CVE-2021-43805 | solidus_core (RubyGems) | Dec 7, 2021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component | High | CVE-2022-24722 | view_component (RubyGems) | Mar 2, 2022
Improper Certificate Validation in kubeclient | High | CVE-2022-0759 | kubeclient (RubyGems) | Mar 26, 2022
Regression in JWT Signature Validation | High | CVE-2020-15240 | omniauth-auth0 (RubyGems) | Nov 3, 2020
Command Injection Vulnerability in Mechanize | High | CVE-2021-21289 | mechanize (RubyGems) | Feb 2, 2021
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby | High | CVE-2021-41098 | nokogiri (RubyGems) | Sep 27, 2021
Nokogiri Improperly Handles Unexpected Data Type | High | CVE-2022-29181 | nokogiri (RubyGems) | May 23, 2022
Insecure PRNG use in random_password_generator | High | CVE-2019-25061 | random_password_generator (RubyGems) | May 19, 2022
Sort order SQL injection in Administrate | High | CVE-2020-5257 | administrate (RubyGems) | Mar 13, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper | High | CVE-2020-10187 | doorkeeper (RubyGems) | May 7, 2020
Code Injection vulnerability in CarrierWave::RMagick | High | CVE-2021-21305 | carrierwave (RubyGems) | Feb 8, 2021
Regular Expression Denial of Service in Addressable templates | High | CVE-2021-32740 | addressable (RubyGems) | Jul 12, 2021
Command injection in cocoapods-downloader | High | CVE-2022-24440 | cocoapods-downloader (RubyGems) | Apr 2, 2022
Command injection in cocoapods-downloader | High | CVE-2022-21223 | cocoapods-downloader (RubyGems) | Apr 2, 2022
Missing Authentication for Critical Function in Foreman Ansible | High | CVE-2021-3589 | foreman_ansible (RubyGems) | Mar 24, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization | High | CVE-2022-31115 | opensearch-ruby (RubyGems) | Jul 5, 2022
redcarpet Buffer Overflow vulnerability | High | CVE-2015-5147 | redcarpet (RubyGems) | Aug 15, 2018
Gem in a Box vulnerable to Cross-site Request Forgery | High | CVE-2017-14683 | geminabox (RubyGems) | May 13, 2022
SQL Injection in Active Record | High | CVE-2014-3482 | activerecord (RubyGems) | Oct 24, 2017
RubyGems Improper Input Validation vulnerability | High | CVE-2017-0900 | rubygems-update (RubyGems) | May 14, 2022
Advisories are also available from the GraphQL API.