Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

425 advisories

Loading
openshift-origin-node Improper Input Validation vulnerability Moderate
CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability Moderate
CVE-2019-10226 was published for fat_free_crm (RubyGems) May 24, 2022 withdrawn
steveyken
Devise Token Auth vulnerable to Cross-site Scripting Moderate
CVE-2019-16751 was published for devise_token_auth (RubyGems) May 24, 2022
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing Moderate
CVE-2021-3537 was published for nokogiri (RubyGems) May 24, 2022
Smashing Cross-site Scripting vulnerability Moderate
CVE-2021-35440 was published for smashing (RubyGems) May 24, 2022
apollo_upload_server has Denial of Service vulnerability Moderate
CVE-2021-39880 was published for apollo_upload_server (RubyGems) May 24, 2022
jasnow
Camaleon CMS vulnerable to Server-Side Request Forgery Moderate
CVE-2021-25972 was published for camaleon_cms (RubyGems) May 24, 2022
Camaleon CMS vulnerable to Uncaught Exception Moderate
CVE-2021-25971 was published for camaleon_cms (RubyGems) May 24, 2022
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25975 was published for publify_core (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25974 was published for publify_core (RubyGems) May 24, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
Use of Uninitialized Variable in trilogy Moderate
CVE-2022-31026 was published for trilogy (RubyGems) Jun 6, 2022
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect Moderate
CVE-2022-31033 was published for mechanize (RubyGems) Jun 9, 2022
Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate
CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022
tdunlap607
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql Moderate
CVE-2021-3779 was published for ruby-mysql (RubyGems) Jun 29, 2022
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data Moderate
CVE-2013-4170 was published for ember-source (RubyGems) Jul 1, 2022
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog Moderate
CVE-2020-35305 was published for gollum (RubyGems) Jul 16, 2022
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano c960657
administrate vulnerable to Cross-Site Request Forgery Moderate
CVE-2016-3098 was published for administrate (RubyGems) Aug 6, 2022
update_by_case before 0.1.3 can be vulnerable to sql injection Moderate
CVE-2022-35956 was published for update_by_case (RubyGems) Aug 11, 2022
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service Moderate
GHSA-4qw4-jpp4-8gvp was published for commonmarker (RubyGems) Sep 21, 2022
protobuf-java has a potential Denial of Service issue Moderate
CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems) Oct 4, 2022
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint Moderate
CVE-2022-39281 was published for fat_free_crm (RubyGems) Oct 7, 2022
p-
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database