GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Decidim cross-site scripting (XSS) in the pagination
High
CVE-2024-32469
was published
for
decidim
(RubyGems)
Jul 10, 2024
Directory traversal vulnerability in Action View in Ruby on Rails
High
CVE-2016-0752
was published
for
actionpack
(RubyGems)
Oct 24, 2017
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
High
CVE-2023-34103
was published
for
avo
(RubyGems)
Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
High
CVE-2024-37031
was published
for
activeadmin
(RubyGems)
Jun 2, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
High
CVE-2024-35231
was published
for
rack-contrib
(RubyGems)
May 28, 2024
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
High
CVE-2024-32970
was published
for
phlex
(RubyGems)
May 1, 2024
sidekiq vulnerable to cross-site scripting
High
CVE-2023-1892
was published
for
sidekiq
(RubyGems)
Apr 21, 2023
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
High
CVE-2023-4785
was published
for
grpc
(RubyGems)
Sep 13, 2023
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
High
CVE-2024-32463
was published
for
phlex
(RubyGems)
Apr 17, 2024
StimulusReflex arbitrary method call
High
CVE-2024-28121
was published
for
stimulus_reflex
(RubyGems)
Mar 12, 2024
TurboBoost Commands vulnerable to arbitrary method invocation
High
CVE-2024-28181
was published
for
@turbo-boost/commands
(RubyGems)
Mar 15, 2024
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
High
CVE-2024-28199
was published
for
phlex
(RubyGems)
Mar 12, 2024
Path Traversal vulnerability that affects yard
High
CVE-2019-1020001
was published
for
yard
(RubyGems)
Jul 2, 2019
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
OmniAuth Ruby gem Cross-site Request Forgery in request phase
High
CVE-2015-9284
was published
for
omniauth
(RubyGems)
May 29, 2019
WEBrick Denial of Service Vulnerability
High
CVE-2008-4310
was published
for
webrick
(RubyGems)
May 2, 2022
SQL Injection Vulnerability via ActiveRecord comments
High
CVE-2023-22794
was published
for
activerecord
(RubyGems)
Jan 18, 2023
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability
High
CVE-2017-2667
was published
for
hammer_cli_foreman
(RubyGems)
May 13, 2022
Regular expression denial of service vulnerability (ReDoS) in date
High
CVE-2021-41817
was published
for
date
(RubyGems)
Nov 16, 2021
ProTip!
Advisories are also available from the
GraphQL API