Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,150
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,718 advisories

Loading
Web Console (Ruby gem) contains whitelisted_ips bypass Moderate
CVE-2015-3224 was published for web-console (RubyGems) Oct 24, 2017
sfpagent Command Injection vulnerability High
CVE-2014-2888 was published for sfpagent (RubyGems) Oct 24, 2017
rbovirt uses the rest-client gem with SSL verification disabled Moderate
CVE-2014-0036 was published for rbovirt (RubyGems) Oct 24, 2017
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters High
CVE-2014-2322 was published for arabic-prawn (RubyGems) Oct 24, 2017
oliverchang
Cross-Site Scripting in serve-index Moderate
CVE-2015-8856 was published for serve-index (npm) Oct 24, 2017
tdunlap607
colorscore Command Injection vulnerability Critical
CVE-2015-7541 was published for colorscore (RubyGems) Oct 24, 2017
Webbynode Code Injection vulnerability High
CVE-2013-7086 was published for webbynode (RubyGems) Oct 24, 2017
sprout Arbitrary Code Execution vulnerability High
CVE-2013-6421 was published for sprout (RubyGems) Oct 24, 2017
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number Moderate
CVE-2014-9490 was published for sentry-raven (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-6416 was published for actionpack (RubyGems) Oct 24, 2017
SQL Injection in Active Record High
CVE-2014-3482 was published for activerecord (RubyGems) Oct 24, 2017
Rack vulnerable to Denial of Service via large parameter depth request Moderate
CVE-2015-3225 was published for rack (RubyGems) Oct 24, 2017
Regular Expression Denial of Service in marked High
CVE-2015-8854 was published for marked (npm) Oct 24, 2017
Code injection in dragonfly gem High
CVE-2013-5671 was published for dragonfly (RubyGems) Oct 24, 2017
G-Rath
RDoc contains XSS vulnerability Moderate
CVE-2013-0256 was published for rdoc (RubyGems) Oct 24, 2017
Phusion Passenger Denial of Service Moderate
CVE-2013-2119 was published for passenger (RubyGems) Oct 24, 2017
Shell Metacharacter Injection in kelredd-pruview Critical
CVE-2013-1947 was published for kelredd-pruview (RubyGems) Oct 24, 2017
Script Injection in Show In Browser gem Moderate
CVE-2013-2105 was published for show_in_browser (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability High
CVE-2013-0156 was published for actionpack (RubyGems) Oct 24, 2017
omniauth-facebook Cross-Site Request Forgery vulnerability Moderate
CVE-2013-4562 was published for omniauth-facebook (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2012-3463 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-3567 was published for puppet (RubyGems) Oct 24, 2017
Puppet allows local users to obtain sensitive configuration information Low
CVE-2012-3866 was published for puppet (RubyGems) Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request Moderate
CVE-2012-3867 was published for puppet (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API