Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

244,427 advisories

Loading
actionpack Cross-Site Request Forgery vulnerability Moderate
CVE-2011-0447 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Rails activerecord gem has Improper Input Validation vulnerability Moderate
CVE-2010-3933 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Improper Input Validation in actionpack Moderate
CVE-2008-7248 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Cross-site Scripting vulnerability in i18n translations helper method Moderate
CVE-2011-4319 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
actionpack and activesupport vulnerable to information leaks Moderate
CVE-2009-3086 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-1098 was published for activesupport (RubyGems) Oct 24, 2017
rails vulnerable to improper authentication Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2011-3187 was published for actionpack (RubyGems) Oct 24, 2017
actionpack allows remote attackers to bypass intended access restrictions High
CVE-2011-0449 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
sqlite3-ruby uses weak permissions for unspecified files, which allows local users to gain privileges Low
CVE-2011-0995 was published for sqlite3-ruby (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2011-2932 was published for activesupport (RubyGems) Oct 24, 2017
Puppet allows local users to overwrite arbitrary files via a symlink attack Low
CVE-2012-1989 was published for puppet (RubyGems) Oct 24, 2017
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request Moderate
CVE-2012-2694 was published for actionpack (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-2930 was published for activerecord (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2011-2929 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2011-2931 was published for actionpack (RubyGems) Oct 24, 2017
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
WEBrick Improper Input Validation vulnerability Moderate
CVE-2009-4492 was published for webrick (RubyGems) Oct 24, 2017
G-Rath
Action Pack contains database-query restrictions bypass Moderate
CVE-2012-2660 was published for actionpack (RubyGems) Oct 24, 2017
session fixation protection mechanism in cgi_process.rb in Rails Moderate
CVE-2007-6077 was published for rails (RubyGems) Oct 24, 2017
rails is vulnerable to CRLF injection Moderate
CVE-2008-5189 was published for rails (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
ProTip! Advisories are also available from the GraphQL API