GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
885 advisories
Filter by severity
Resque vulnerable to reflected XSS in Queue Endpoint
Moderate
CVE-2023-50727
was published
for
resque
(RubyGems)
Dec 18, 2023
Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate
CVE-2022-44303
was published
for
resque-scheduler
(RubyGems)
Dec 18, 2023
Potential CSV export data leak
High
CVE-2023-50448
was published
for
activeadmin
(RubyGems)
Dec 15, 2023
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Moderate
CVE-2023-49090
was published
for
carrierwave
(RubyGems)
Nov 29, 2023
memory leak flaw was found in ruby-magick
Moderate
CVE-2023-5349
was published
for
rmagick
(RubyGems)
Oct 30, 2023
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High
CVE-2024-0241
was published
for
encoded_id-rails
(RubyGems)
Oct 24, 2023
svg_optimizer rubygem external XML entity (XXE) vulnerability
Moderate
CVE-2023-46035
was published
for
svg_optimizer
(RubyGems)
Oct 20, 2023
Puppet Bolt privilege escalation vulnerability
Critical
CVE-2023-5214
was published
for
bolt
(RubyGems)
Oct 6, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
Decidim has broken access control in templates
High
CVE-2023-36465
was published
for
decidim
(RubyGems)
Oct 5, 2023
Foreman Transpilation Enables OS Command Injection
Critical
CVE-2022-3874
was published
for
foreman
(RubyGems)
Sep 22, 2023
•
withdrawn
sidekiq Denial of Service vulnerability
Moderate
CVE-2023-26141
was published
for
sidekiq
(RubyGems)
Sep 14, 2023
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
High
CVE-2023-4785
was published
for
grpc
(RubyGems)
Sep 13, 2023
Active Support Possibly Discloses Locally Encrypted Files
Low
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
GHSA-7vh7-fw88-wj87
was published
for
commonmarker
(RubyGems)
Aug 8, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2023-38697
was published
for
protocol-http1
(RubyGems)
Aug 3, 2023
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
High
CVE-2023-38337
was published
for
rswag
(RubyGems)
Jul 15, 2023
Decidim Cross-site Scripting vulnerability in the external link redirections
Moderate
CVE-2023-32693
was published
for
decidim
(RubyGems)
Jul 11, 2023
Decidim Cross-site Scripting vulnerability in the processes filter
High
CVE-2023-34089
was published
for
decidim
(RubyGems)
Jul 11, 2023
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
gRPC connection termination issue
Moderate
CVE-2023-32732
was published
for
grpc
(RubyGems)
Jul 6, 2023
ProTip!
Advisories are also available from the
GraphQL API