Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

108,886 advisories

Loading
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability Moderate
CVE-2014-3248 was published for facter (RubyGems) Oct 24, 2017
Root Path Disclosure in send Moderate
CVE-2015-8859 was published for send (npm) Oct 24, 2017
tdunlap607
Mail Gem CRLF Injection vulnerability Moderate
CVE-2015-9097 was published for mail (RubyGems) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
GHSA-9959-c6q6-6qp3 was published for validator (npm) Oct 24, 2017 withdrawn
Moderate severity vulnerability that affects handlebars Moderate
GHSA-fmr4-7g9q-7hc7 was published for handlebars (npm) Oct 24, 2017 withdrawn
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7579 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7451 was published for validator (npm) Oct 24, 2017
Multiple XSS Filter Bypasses in validator Moderate
CVE-2013-7454 was published for validator (npm) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2014-0082 was published for actionpack (RubyGems) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7453 was published for validator (npm) Oct 24, 2017
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7452 was published for validator (npm) Oct 24, 2017
CORS Token Disclosure in crumb Moderate
CVE-2014-7193 was published for crumb (npm) Oct 24, 2017
Moderate severity vulnerability that affects ember Moderate
GHSA-vxp4-25qp-86qh was published for ember (npm) Oct 24, 2017 withdrawn
VBScript Content Injection in marked Moderate
CVE-2015-1370 was published for marked (npm) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-6416 was published for actionpack (RubyGems) Oct 24, 2017
Cross-Site Scripting in serve-index Moderate
CVE-2015-8856 was published for serve-index (npm) Oct 24, 2017
tdunlap607
Web Console (Ruby gem) contains whitelisted_ips bypass Moderate
CVE-2015-3224 was published for web-console (RubyGems) Oct 24, 2017
rbovirt uses the rest-client gem with SSL verification disabled Moderate
CVE-2014-0036 was published for rbovirt (RubyGems) Oct 24, 2017
Rack vulnerable to Denial of Service via large parameter depth request Moderate
CVE-2015-3225 was published for rack (RubyGems) Oct 24, 2017
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number Moderate
CVE-2014-9490 was published for sentry-raven (RubyGems) Oct 24, 2017
RDoc contains XSS vulnerability Moderate
CVE-2013-0256 was published for rdoc (RubyGems) Oct 24, 2017
Script Injection in Show In Browser gem Moderate
CVE-2013-2105 was published for show_in_browser (RubyGems) Oct 24, 2017
Phusion Passenger Denial of Service Moderate
CVE-2013-2119 was published for passenger (RubyGems) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request Moderate
CVE-2012-3867 was published for puppet (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API