Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,032
Erlang
29
GitHub Actions
18
Go
1,838
Maven
5,000+
npm
3,577
NuGet
634
pip
3,162
Pub
10
RubyGems
849
Rust
800
Swift
34
Unreviewed advisories
All unreviewed
5,000+

41 advisories

Loading
actionpack Improper Input Validation vulnerability Moderate
CVE-2014-0082 was published for actionpack (RubyGems) Oct 24, 2017
rbovirt uses the rest-client gem with SSL verification disabled Moderate
CVE-2014-0036 was published for rbovirt (RubyGems) Oct 24, 2017
actionpack Path Traversal vulnerability Moderate
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability Moderate
CVE-2014-3248 was published for facter (RubyGems) Oct 24, 2017
Directory traversal vulnerability in actionpack Moderate
CVE-2014-7829 was published for actionpack (RubyGems) Oct 24, 2017
rack-ssl Cross-site Scripting vulnerability Moderate
CVE-2014-2538 was published for rack-ssl (RubyGems) Oct 24, 2017
actionpack vulnerable to Path Traversal Moderate
CVE-2014-7818 was published for actionpack (RubyGems) Oct 24, 2017
sprockets vulnerable to Path Traversal Moderate
CVE-2014-7819 was published for sprockets (RubyGems) Oct 24, 2017
Array data injection vulnerability in activerecord Moderate
CVE-2014-0080 was published for activerecord (RubyGems) Oct 24, 2017
actionpack vulnerable to Cross-site Scripting Moderate
CVE-2013-6415 was published for actionpack (RubyGems) Oct 24, 2017
Rails vulnerable to Cross-site Scripting Moderate
CVE-2014-0081 was published for actionpack (RubyGems) Oct 24, 2017
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number Moderate
CVE-2014-9490 was published for sentry-raven (RubyGems) Oct 24, 2017
actionpack allows bypass of database-query restrictions Moderate
CVE-2013-6417 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2013-6414 was published for actionpack (RubyGems) Oct 24, 2017
actionmailer email address processing causes Denial of service Moderate
CVE-2013-4389 was published for actionmailer (RubyGems) Oct 24, 2017
actionpack vulnerable to Cross-site Scripting Moderate
CVE-2013-4491 was published for actionpack (RubyGems) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-1855 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-1857 was published for actionpack (RubyGems) Oct 24, 2017
RedCloth Cross-site Scripting vulnerability Moderate
CVE-2012-6684 was published for redcloth (RubyGems) Oct 24, 2017
oliverchang
Active Record Improper Input Validation Moderate
CVE-2013-1854 was published for activerecord (RubyGems) Oct 24, 2017
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service Moderate
CVE-2013-4761 was published for puppet (RubyGems) Oct 24, 2017
Active Record allows bypassing of database-query restrictions Moderate
CVE-2013-0155 was published for activerecord (RubyGems) Oct 24, 2017
Cross-site Scripting in jquery-ui Moderate
CVE-2010-5312 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Gyazo allows local users to write arbitrary files Moderate
CVE-2014-4994 was published for gyazo (RubyGems) Jan 22, 2018
ProTip! Advisories are also available from the GraphQL API