Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

22 advisories

Loading
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
actionpack Improper Input Validation vulnerability High
CVE-2013-0156 was published for actionpack (RubyGems) Oct 24, 2017
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems Improper Input Validation vulnerability High
CVE-2017-0900 was published for rubygems-update (RubyGems) May 14, 2022
actionpack allows remote code execution via application's unrestricted use of render method High
CVE-2016-2098 was published for actionpack (RubyGems) Oct 24, 2017
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution High
CVE-2015-3649 was published for open-uri-cached (RubyGems) May 13, 2022
RubyGems passenger gem allows remote attackers to delete files High
CVE-2012-6135 was published for passenger (RubyGems) Apr 23, 2022
jasnow
samlr XML nodes comment attack High
CVE-2018-20857 was published for samlr (RubyGems) Jul 31, 2019
nori contains Improper Input Validation High
CVE-2013-0285 was published for nori (RubyGems) Oct 24, 2017
tdunlap607
Moped Rubygem Data Injection Vulnerability High
CVE-2015-4410 was published for moped (RubyGems) Aug 19, 2020
Ox gem crashes due to a crafted input High
CVE-2017-15928 was published for ox (RubyGems) Nov 21, 2017
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names High
CVE-2020-8184 was published for rack (RubyGems) Jun 24, 2020
Unsafe object creation in json RubyGem High
CVE-2020-10663 was published for json (RubyGems) Jul 27, 2020
Mail Gem Improper Input Validation vulnerability High
CVE-2012-2140 was published for mail (RubyGems) Oct 24, 2017
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607
JSON gem has Improper Input Validation vulnerability High
CVE-2013-0269 was published for json (RubyGems) Oct 24, 2017
High severity vulnerability that affects thin High
CVE-2009-3287 was published for thin (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-1655 was published for puppet (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-3567 was published for puppet (RubyGems) Oct 24, 2017
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database