GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Out-of-bounds Write in zlib affects Nokogiri
High
GHSA-v6gp-9mmm-c6p5
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Denial of Service (DoS) in Nokogiri on JRuby
High
GHSA-gx8x-g87m-h5q6
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Vulnerable dependencies in Nokogiri
High
GHSA-fq42-c5rg-92c2
was published
for
nokogiri
(RubyGems)
Feb 25, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
High severity vulnerability that affects safemode
High
GHSA-8474-rc7c-wrhp
was published
for
safemode
(RubyGems)
Aug 8, 2018
•
withdrawn
High severity vulnerability that affects colorscore
High
GHSA-9wcm-rrvh-qjc8
was published
for
colorscore
(RubyGems)
Aug 15, 2018
•
withdrawn
High severity vulnerability that affects espeak-ruby
High
GHSA-w655-w578-99pq
was published
for
espeak-ruby
(RubyGems)
Aug 21, 2018
•
withdrawn
High severity vulnerability that affects activerecord
High
GHSA-hm48-76wh-q86v
was published
for
activerecord
(RubyGems)
Aug 21, 2018
•
withdrawn
High severity vulnerability that affects actionpack
High
GHSA-hx46-vwmx-wx95
was published
for
actionpack
(RubyGems)
Aug 13, 2018
•
withdrawn
High severity vulnerability that affects many_versioned_gem
High
GHSA-hhxm-4f85-rgr8
was published
for
many_versioned_gem
(RubyGems)
Feb 5, 2019
•
withdrawn
High severity vulnerability that affects festivaltts4r
High
GHSA-9wv8-jgw4-4g28
was published
for
festivaltts4r
(RubyGems)
Aug 15, 2018
•
withdrawn
High severity vulnerability that affects rubyzip
High
GHSA-3q5q-f79q-7hr2
was published
for
rubyzip
(RubyGems)
Jul 31, 2018
•
withdrawn
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
ProTip!
Advisories are also available from the
GraphQL API