Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint Moderate
CVE-2022-39281 was published for fat_free_crm (RubyGems) Oct 7, 2022
p-
actionpack Improper Input Validation vulnerability High
CVE-2013-0156 was published for actionpack (RubyGems) Oct 24, 2017
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems Improper Input Validation vulnerability Moderate
CVE-2018-1000077 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Improper Input Validation vulnerability High
CVE-2017-0900 was published for rubygems-update (RubyGems) May 14, 2022
protobuf-java has a potential Denial of Service issue Moderate
CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems) Oct 4, 2022
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
Ability to change order address without triggering address validations in solidus Moderate
CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020
mamhoff kennyadsl
RubyGems Improper Input Validation vulnerability Moderate
CVE-2015-4020 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
openshift-origin-node Improper Input Validation vulnerability Moderate
CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022
actionpack Improper Input Validation vulnerability Moderate
CVE-2011-2929 was published for actionpack (RubyGems) Oct 24, 2017
Rails activerecord gem has Improper Input Validation vulnerability Moderate
CVE-2010-3933 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Improper Input Validation in actionpack Moderate
CVE-2008-7248 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
restforce vulnerable to Improper Input Validation Critical
CVE-2018-3777 was published for restforce (RubyGems) Aug 3, 2018
actionpack allows remote code execution via application's unrestricted use of render method High
CVE-2016-2098 was published for actionpack (RubyGems) Oct 24, 2017
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed Moderate
CVE-2013-4489 was published for gitlab-grit (RubyGems) May 17, 2022
postmodern
Bundler may install gems from a different source than expected Moderate
CVE-2013-0334 was published for bundler (RubyGems) May 5, 2022
jasnow
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution High
CVE-2015-3649 was published for open-uri-cached (RubyGems) May 13, 2022
Phusion Passenger allows remote attackers to spoof headers Low
CVE-2015-7519 was published for passenger (RubyGems) Oct 10, 2018
RubyGems passenger gem allows remote attackers to delete files High
CVE-2012-6135 was published for passenger (RubyGems) Apr 23, 2022
jasnow
PDFKit Improper Input Validation vulnerability Critical
CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022
ProTip! Advisories are also available from the GraphQL API