GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,961
Composer 4,055
Erlang 29
GitHub Actions 19
Go 1,889
Maven 5,076
npm 3,605
NuGet 638
pip 3,208
Pub 10
RubyGems 852
Rust 816
Swift 35

Unreviewed advisories

All unreviewed 227,357

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

406 advisories

Filter by severity

Sort by

Least recently updated

apollo_upload_server has Denial of Service vulnerability Moderate

CVE-2021-39880 was published for apollo_upload_server (RubyGems) May 24, 2022

Content Injection via TileJSON Name in mapbox.js Moderate

CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018

Content Injection via TileJSON attribute in mapbox.js Moderate

CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018

qiita-markdown Cross-site Scripting vulnerability Moderate

CVE-2021-28833 was published for qiita-markdown (RubyGems) Aug 2, 2021

unpoly-rails Denial of Service vulnerability Moderate

CVE-2023-28846 was published for unpoly-rails (RubyGems) Mar 30, 2023

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs Moderate

GHSA-pxvg-2qj5-37jq was published for nokogiri (RubyGems) Apr 11, 2023

Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service Moderate

GHSA-48wp-p9qv-4j64 was published for commonmarker (RubyGems) Apr 11, 2023

Cross-site Scripting Vulnerability in Action Pack Moderate

CVE-2022-22577 was published for actionpack (RubyGems) Apr 27, 2022

ember-source Cross-site Scripting vulnerability Moderate

CVE-2014-0014 was published for ember-source (RubyGems) May 14, 2022

protobuf-java has a potential Denial of Service issue Moderate

CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems) Oct 4, 2022

Fat Free CRM Cross-Site Request Forgery vulnerability Moderate

CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022

Cross-Site Scripting in Kaminari Moderate

CVE-2020-11082 was published for kaminari (RubyGems) May 28, 2020

Improper one time password handling in devise-two-factor Moderate

CVE-2021-43177 was published for devise-two-factor (RubyGems) Apr 7, 2022

ReDoS vulnerability in parser_apache2 Moderate

CVE-2021-41186 was published for fluentd (RubyGems) Nov 1, 2021

Older releases of better_errors open to Cross-Site Request Forgery attack Moderate

CVE-2021-39197 was published for better_errors (RubyGems) Sep 7, 2021

In RubyGem excon, interrupted Persistent Connections May Leak Response Data Moderate

CVE-2019-16779 was published for excon (RubyGems) Dec 16, 2019

XSS in Action View Moderate

CVE-2020-15169 was published for actionview (RubyGems) Sep 11, 2020

Possible Information Leak / Session Hijack Vulnerability in Rack Moderate

CVE-2019-16782 was published for rack (RubyGems) Dec 18, 2019

Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate

CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021

Silent Configuration Failure in Puppet Agent Moderate

CVE-2021-27025 was published for puppet (RubyGems) Dec 2, 2021

Unsafe HTTP Redirect in Puppet Agent and Puppet Server Moderate

CVE-2021-27023 was published for puppet (RubyGems) Dec 2, 2021

Publify `guest` role users can self-register even when the admin does not allow it Moderate

CVE-2021-25973 was published for publify_core (RubyGems) Nov 3, 2021

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack Moderate

CVE-2019-16770 was published for puma (RubyGems) Dec 5, 2019

Path traversal when MessageBus::Diagnostics is enabled Moderate

CVE-2021-43840 was published for message_bus (RubyGems) Dec 17, 2021

Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability Moderate

CVE-2020-26247 was published for nokogiri (RubyGems) Dec 30, 2020

Previous 1 2 3 4 5 6 7 … 16 17 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

406 advisories