GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
885 advisories
Filter by severity
Password Pusher rate limiter can be bypassed by forging proxy headers
Moderate
CVE-2024-52796
was published
for
pwpush
(RubyGems)
Nov 20, 2024
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Moderate
CVE-2024-21510
was published
for
sinatra
(RubyGems)
Nov 1, 2024
REXML denial of service vulnerability
High
CVE-2024-43398
was published
for
rexml
(RubyGems)
Aug 22, 2024
Decidim cross-site scripting (XSS) in the pagination
Moderate
CVE-2024-32469
was published
for
decidim
(RubyGems)
Jul 10, 2024
RDoc RCE vulnerability with .rdoc_options
Low
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Potential Denial-of-Service in bindata
Moderate
CVE-2021-32823
was published
for
bindata
(RubyGems)
Jun 23, 2021
Autolab Misconfigured Reset Password Permissions
High
CVE-2024-49376
was published
for
Autolab
(RubyGems)
Oct 25, 2024
Decidim-Awesome has SQL injection in AdminAccountability
High
CVE-2024-43415
was published
for
decidim-decidim_awesome
(RubyGems)
Nov 12, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Moderate
CVE-2024-45594
was published
for
decidim-meetings
(RubyGems)
Nov 13, 2024
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Moderate
CVE-2024-39316
was published
for
rack
(RubyGems)
Jul 3, 2024
Possible ReDoS vulnerability in block_format in Action Mailer
Moderate
CVE-2024-47889
was published
for
actionmailer
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Moderate
CVE-2024-47888
was published
for
actiontext
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Moderate
CVE-2024-47887
was published
for
actionpack
(RubyGems)
Oct 15, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
High
CVE-2024-37031
was published
for
activeadmin
(RubyGems)
Jun 2, 2024
camaleon_cms affected by cross site scripting
Moderate
CVE-2024-48652
was published
for
camaleon_cms
(RubyGems)
Oct 23, 2024
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions
Critical
CVE-2019-17383
was published
for
netaddr
(RubyGems)
Oct 14, 2019
Missing Initialization of Resource in Apache Arrow
High
CVE-2019-12408
was published
for
pyarrow
(RubyGems)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API