GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
885 advisories
Filter by severity
Moderate severity vulnerability that affects doorkeeper
Moderate
GHSA-5p9f-55j8-922m
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
•
withdrawn
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-vwfg-qj3r-6v3r
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
High severity vulnerability that affects activerecord
High
GHSA-hm48-76wh-q86v
was published
for
activerecord
(RubyGems)
Aug 21, 2018
•
withdrawn
High severity vulnerability that affects espeak-ruby
High
GHSA-w655-w578-99pq
was published
for
espeak-ruby
(RubyGems)
Aug 21, 2018
•
withdrawn
CSS Injection in Chartkick gem
Moderate
CVE-2020-16254
was published
for
chartkick
(RubyGems)
Aug 12, 2020
Moderate severity vulnerability that affects web-console
Moderate
GHSA-82x2-g7vr-39wq
was published
for
web-console
(RubyGems)
Aug 13, 2018
•
withdrawn
High severity vulnerability that affects safemode
High
GHSA-8474-rc7c-wrhp
was published
for
safemode
(RubyGems)
Aug 8, 2018
•
withdrawn
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-qf5x-qgx7-437h
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects sprockets
Moderate
GHSA-r4x3-g983-9g48
was published
for
sprockets
(RubyGems)
Oct 10, 2018
•
withdrawn
High severity vulnerability that affects colorscore
High
GHSA-9wcm-rrvh-qjc8
was published
for
colorscore
(RubyGems)
Aug 15, 2018
•
withdrawn
Moderate severity vulnerability that affects actionpack
Moderate
GHSA-m53f-rhq8-q6hf
was published
for
actionpack
(RubyGems)
Sep 17, 2018
•
withdrawn
Moderate severity vulnerability that affects paperclip
Moderate
GHSA-phmw-pv3f-vvx7
was published
for
paperclip
(RubyGems)
Aug 13, 2018
•
withdrawn
Withdrawn: HTTP Request Smuggling in Agoo
Moderate
CVE-2020-7670
was published
for
agoo
(RubyGems)
Oct 20, 2020
•
withdrawn
Authentication Bypass by CSRF Weakness
Critical
GHSA-5629-8855-gf4g
was published
for
solidus_core
(RubyGems)
Nov 18, 2021
SQLite3 addresses vulnerability in packaged version of libsqlite
Low
GHSA-mgvv-5mxp-xq67
was published
for
sqlite3
(RubyGems)
Oct 3, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Vulnerable dependencies in Nokogiri
High
GHSA-fq42-c5rg-92c2
was published
for
nokogiri
(RubyGems)
Feb 25, 2022
Denial of Service (DoS) in Nokogiri on JRuby
High
GHSA-gx8x-g87m-h5q6
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri
High
GHSA-v6gp-9mmm-c6p5
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
XML Injection in Xerces Java affects Nokogiri
Moderate
GHSA-xxx9-3xcr-gjj3
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Integer Overflow or Wraparound in libxml2 affects Nokogiri
High
GHSA-cgx6-hpwq-fhv5
was published
for
nokogiri
(RubyGems)
May 18, 2022
personnummer/ruby vulnerable to Improper Input Validation
Low
GHSA-vp9c-fpxx-744v
was published
for
personnummer
(RubyGems)
Sep 23, 2020
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
ExifTool vulnerable to arbitrary code execution
High
GHSA-q95h-cqrv-8jv5
was published
for
exiftool_vendored
(RubyGems)
Jan 20, 2023
ProTip!
Advisories are also available from the
GraphQL API