GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
878 advisories
Filter by severity
Puppet vulnerable to Path Traversal
Low
CVE-2012-3865
was published
for
puppet
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
High
CVE-2013-0156
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2012-3465
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes
Moderate
CVE-2013-0276
was published
for
activerecord
(RubyGems)
Oct 24, 2017
omniauth-facebook Cross-Site Request Forgery vulnerability
Moderate
CVE-2013-4562
was published
for
omniauth-facebook
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2012-3463
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Dragonfly Code Injection vulnerability
High
CVE-2013-1756
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-1857
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-1655
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet allows local users to obtain sensitive configuration information
Low
CVE-2012-3866
was published
for
puppet
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-1855
was published
for
actionpack
(RubyGems)
Oct 24, 2017
HTTParty does not restrict casts of string values
High
CVE-2013-1801
was published
for
httparty
(RubyGems)
Oct 24, 2017
activesupport in Rails vulnerable to incorrect data conversion
High
CVE-2013-0333
was published
for
activesupport
(RubyGems)
Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
Moderate
CVE-2012-3867
was published
for
puppet
(RubyGems)
Oct 24, 2017
RDoc contains XSS vulnerability
Moderate
CVE-2013-0256
was published
for
rdoc
(RubyGems)
Oct 24, 2017
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service
Moderate
CVE-2013-4761
was published
for
puppet
(RubyGems)
Oct 24, 2017
Devise does not properly perform type conversion when performing database queries
Moderate
CVE-2013-0233
was published
for
devise
(RubyGems)
Oct 24, 2017
Cocaine Gem OS Command Injection vulnerability
Moderate
CVE-2013-4457
was published
for
cocaine
(RubyGems)
Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass
Moderate
CVE-2015-3224
was published
for
web-console
(RubyGems)
Oct 24, 2017
Rack vulnerable to Denial of Service via large parameter depth request
Moderate
CVE-2015-3225
was published
for
rack
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-6416
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
High
CVE-2014-2322
was published
for
arabic-prawn
(RubyGems)
Oct 24, 2017
sfpagent Command Injection vulnerability
High
CVE-2014-2888
was published
for
sfpagent
(RubyGems)
Oct 24, 2017
rbovirt uses the rest-client gem with SSL verification disabled
Moderate
CVE-2014-0036
was published
for
rbovirt
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API