GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal
High
CVE-2017-11430
was published
for
omniauth-saml
(RubyGems)
Jul 5, 2019
Ruby-SAML Improper Authentication vulnerability
High
CVE-2017-11428
was published
for
ruby-saml
(RubyGems)
Jul 5, 2019
Path Traversal vulnerability that affects yard
High
CVE-2019-1020001
was published
for
yard
(RubyGems)
Jul 2, 2019
RubyGems Escape sequence injection in errors
High
CVE-2019-8325
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Delete directory using symlink when decompressing tar
High
CVE-2019-8320
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Code injection in RubyGems
High
CVE-2019-8324
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Escape sequence injection vulnerability in verbose
High
CVE-2019-8321
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Escape sequence injection vulnerability in gem owner
High
CVE-2019-8322
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
RubyGems Escape sequence injection vulnerability in api response handling
High
CVE-2019-8323
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
Improper Certificate Validation in chloride
High
CVE-2018-6517
was published
for
chloride
(RubyGems)
Mar 25, 2019
Path Traversal in Action View
High
CVE-2019-5418
was published
for
actionview
(RubyGems)
Mar 13, 2019
Denial of Service Vulnerability in Action View
High
CVE-2019-5419
was published
for
actionview
(RubyGems)
Mar 13, 2019
High severity vulnerability that affects many_versioned_gem
High
GHSA-hhxm-4f85-rgr8
was published
for
many_versioned_gem
(RubyGems)
Feb 5, 2019
•
withdrawn
Nokogiri NULL Pointer Dereference
High
CVE-2018-14404
was published
for
nokogiri
(RubyGems)
Jan 17, 2019
Improper Access Control in activejob
High
CVE-2018-16476
was published
for
activejob
(RubyGems)
Dec 5, 2018
Rack vulnerable to Denial of Service
High
CVE-2018-16470
was published
for
rack
(RubyGems)
Nov 15, 2018
Jekyll allows attackers to access arbitrary files by specifying a symlink
High
CVE-2018-17567
was published
for
jekyll
(RubyGems)
Sep 28, 2018
Denial of service or RCE from libxml2 and libxslt
High
CVE-2015-8806
was published
for
nokogiri
(RubyGems)
Sep 17, 2018
Ruby-ffi has a DLL loading issue
High
CVE-2018-1000201
was published
for
ffi
(RubyGems)
Aug 31, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability
High
CVE-2015-4619
was published
for
spina
(RubyGems)
Aug 28, 2018
High severity vulnerability that affects activerecord
High
GHSA-hm48-76wh-q86v
was published
for
activerecord
(RubyGems)
Aug 21, 2018
•
withdrawn
Nokogiri subject to DoS via libxml2 vulnerability
High
CVE-2015-5312
was published
for
nokogiri
(RubyGems)
Aug 21, 2018
High severity vulnerability that affects espeak-ruby
High
GHSA-w655-w578-99pq
was published
for
espeak-ruby
(RubyGems)
Aug 21, 2018
•
withdrawn
Ruby-saml allows attackers to perform XML signature wrapping attacks
High
CVE-2016-5697
was published
for
ruby-saml
(RubyGems)
Aug 21, 2018
ProTip!
Advisories are also available from the
GraphQL API