Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
activemodel contains Improper Input Validation Moderate
CVE-2016-0753 was published for activemodel (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2014-0082 was published for actionpack (RubyGems) Oct 24, 2017
WEBrick Improper Input Validation vulnerability Moderate
CVE-2009-4492 was published for webrick (RubyGems) Oct 24, 2017
G-Rath
actionpack Improper Input Validation vulnerability Moderate
CVE-2011-3187 was published for actionpack (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-3567 was published for puppet (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-1655 was published for puppet (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2013-6414 was published for actionpack (RubyGems) Oct 24, 2017
High severity vulnerability that affects thin High
CVE-2009-3287 was published for thin (RubyGems) Oct 24, 2017
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink Moderate
CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018
activesupport Improper Input Validation vulnerability Moderate
CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017
JSON gem has Improper Input Validation vulnerability High
CVE-2013-0269 was published for json (RubyGems) Oct 24, 2017
Spree Improper Input Validation vulnerability Moderate
CVE-2013-1656 was published for spree (RubyGems) Oct 24, 2017
ldoce Gem Arbitrary Command Execution Moderate
CVE-2013-1911 was published for ldoce (RubyGems) Oct 24, 2017
Mail Improper Input Validation vulnerability Moderate
CVE-2011-0739 was published for mail (RubyGems) Oct 24, 2017
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607
Mail Gem Improper Input Validation vulnerability High
CVE-2012-2140 was published for mail (RubyGems) Oct 24, 2017
Gyazo allows local users to write arbitrary files Moderate
CVE-2014-4994 was published for gyazo (RubyGems) Jan 22, 2018
Unsafe object creation in json RubyGem High
CVE-2020-10663 was published for json (RubyGems) Jul 27, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names High
CVE-2020-8184 was published for rack (RubyGems) Jun 24, 2020
Improper Input Validation in simple_form Critical
CVE-2019-16676 was published for simple_form (RubyGems) Sep 30, 2019
kurt-r2c
Ox gem crashes due to a crafted input High
CVE-2017-15928 was published for ox (RubyGems) Nov 21, 2017
ProTip! Advisories are also available from the GraphQL API