GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,093
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,902
Maven 5,100
npm 3,631
NuGet 638
pip 3,246
Pub 10
RubyGems 863
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,440

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

25 advisories

Filter by severity

Sort by

Least recently updated

activemodel contains Improper Input Validation Moderate

CVE-2016-0753 was published for activemodel (RubyGems) Oct 24, 2017

actionpack Improper Input Validation vulnerability Moderate

CVE-2014-0082 was published for actionpack (RubyGems) Oct 24, 2017

Spree Improper Input Validation vulnerability Moderate

CVE-2013-1656 was published for spree (RubyGems) Oct 24, 2017

ldoce Gem Arbitrary Command Execution Moderate

CVE-2013-1911 was published for ldoce (RubyGems) Oct 24, 2017

activesupport Improper Input Validation vulnerability Moderate

CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017

actionpack Improper Input Validation vulnerability Moderate

CVE-2013-6414 was published for actionpack (RubyGems) Oct 24, 2017

Active Record Improper Input Validation Moderate

CVE-2013-1854 was published for activerecord (RubyGems) Oct 24, 2017

WEBrick Improper Input Validation vulnerability Moderate

CVE-2009-4492 was published for webrick (RubyGems) Oct 24, 2017

Mail Improper Input Validation vulnerability Moderate

CVE-2011-0739 was published for mail (RubyGems) Oct 24, 2017

Improper Input Validation in actionpack Moderate

CVE-2008-7248 was published for actionpack (RubyGems) Oct 24, 2017

Rails activerecord gem has Improper Input Validation vulnerability Moderate

CVE-2010-3933 was published for activerecord (RubyGems) Oct 24, 2017

actionpack Improper Input Validation vulnerability Moderate

CVE-2011-3187 was published for actionpack (RubyGems) Oct 24, 2017

actionpack Improper Input Validation vulnerability Moderate

CVE-2011-2929 was published for actionpack (RubyGems) Oct 24, 2017

Gyazo allows local users to write arbitrary files Moderate

CVE-2014-4994 was published for gyazo (RubyGems) Jan 22, 2018

Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink Moderate

CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018

Denial of Service in uap-core when processing crafted User-Agent strings Moderate

CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020

Ability to change order address without triggering address validations in solidus Moderate

CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020

Bundler may install gems from a different source than expected Moderate

CVE-2013-0334 was published for bundler (RubyGems) May 5, 2022

RubyGems Improper Input Validation vulnerability Moderate

CVE-2018-1000077 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022

RubyGems Improper Input Validation vulnerability Moderate

CVE-2015-4020 was published for rubygems-update (RubyGems) May 17, 2022

GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed Moderate

CVE-2013-4489 was published for gitlab-grit (RubyGems) May 17, 2022

openshift-origin-node Improper Input Validation vulnerability Moderate

CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022

protobuf-java has a potential Denial of Service issue Moderate

CVE-2022-3171 was published for com.google.protobuf:protobuf-java (RubyGems) Oct 4, 2022

Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint Moderate

CVE-2022-39281 was published for fat_free_crm (RubyGems) Oct 7, 2022

Missing security headers in Action Pack on non-HTML responses Moderate

CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

25 advisories