Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,028
Erlang
29
GitHub Actions
16
Go
1,832
Maven
5,000+
npm
3,573
NuGet
632
pip
3,158
Pub
10
RubyGems
847
Rust
797
Swift
34
Unreviewed advisories
All unreviewed
5,000+

111,070 advisories

Loading
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service Moderate
CVE-2013-4761 was published for puppet (RubyGems) Oct 24, 2017
Active Record Improper Input Validation Moderate
CVE-2013-1854 was published for activerecord (RubyGems) Oct 24, 2017
Rack Vulnerable to Path Traversal Moderate
CVE-2013-0262 was published for rack (RubyGems) Oct 24, 2017
Active Record allows bypassing of database-query restrictions Moderate
CVE-2013-0155 was published for activerecord (RubyGems) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
actionpack vulnerable to Cross-site Scripting Moderate
CVE-2013-4491 was published for actionpack (RubyGems) Oct 24, 2017
Rack vulnerable to REDoS Moderate
CVE-2012-6109 was published for rack (RubyGems) Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes Moderate
CVE-2013-0276 was published for activerecord (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-1855 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2013-6414 was published for actionpack (RubyGems) Oct 24, 2017
Cocaine Gem OS Command Injection vulnerability Moderate
CVE-2013-4457 was published for cocaine (RubyGems) Oct 24, 2017
Devise does not properly perform type conversion when performing database queries Moderate
CVE-2013-0233 was published for devise (RubyGems) Oct 24, 2017
RedCloth Cross-site Scripting vulnerability Moderate
CVE-2012-6684 was published for redcloth (RubyGems) Oct 24, 2017
oliverchang
omniauth-oauth2 Cross-Site Request Forgery vulnerability Moderate
CVE-2012-6134 was published for omniauth-oauth2 (RubyGems) Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information Moderate
CVE-2013-0284 was published for newrelic_rpm (RubyGems) Oct 24, 2017
ldoce Gem Arbitrary Command Execution Moderate
CVE-2013-1911 was published for ldoce (RubyGems) Oct 24, 2017
Rack rubygems receiving excessively long lines triggers out-of-memory error Moderate
CVE-2013-0183 was published for rack (RubyGems) Oct 24, 2017
Spree Improper Input Validation vulnerability Moderate
CVE-2013-1656 was published for spree (RubyGems) Oct 24, 2017
insecure temporary directory usage in passenger Moderate
CVE-2013-4136 was published for passenger (RubyGems) Oct 24, 2017
Denial of service in ruby-openid Moderate
CVE-2013-1812 was published for ruby-openid (RubyGems) Oct 24, 2017
activesupport Improper Input Validation vulnerability Moderate
CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017
actionmailer email address processing causes Denial of service Moderate
CVE-2013-4389 was published for actionmailer (RubyGems) Oct 24, 2017
i18n gem Cross-site Scripting vulnerability Moderate
CVE-2013-4492 was published for i18n (RubyGems) Oct 24, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-3464 was published for activesupport (RubyGems) Oct 24, 2017
tdunlap607
ProTip! Advisories are also available from the GraphQL API