Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

93,441 advisories

Loading
High severity vulnerability that affects rails. High
CVE-2006-4112 was published for rails (RubyGems) Oct 24, 2017
Ruby on Rails vulnerable to code injection High
CVE-2006-4111 was published for rails (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
actionpack allows remote attackers to bypass intended access restrictions High
CVE-2011-0449 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
activerecord vulnerable to SQL Injection High
CVE-2011-2930 was published for activerecord (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
Remote code execution in rwiki High
CVE-2006-2582 was published for rwiki (RubyGems) Oct 24, 2017
Mail Gem Improper Input Validation vulnerability High
CVE-2012-2140 was published for mail (RubyGems) Oct 24, 2017
Rails ActiveRecord gem vulnerable to SQL injection High
CVE-2008-4094 was published for activerecord (RubyGems) Oct 24, 2017
jasnow
Keystone is vulnerable to CSV injection High
CVE-2017-15879 was published for keystone (npm) Nov 16, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code High
CVE-2014-9489 was published for gollum (RubyGems) Nov 16, 2017
Ox gem crashes due to a crafted input High
CVE-2017-15928 was published for ox (RubyGems) Nov 21, 2017
Potential Command Injection in codem-transcode High
CVE-2013-7377 was published for codem-transcode (npm) Nov 28, 2017
yajl-ruby gem Denial of Service vulnerability High
CVE-2017-16516 was published for yajl-ruby (RubyGems) Nov 28, 2017
tdunlap607
Cross-Site Request Forgery (CSRF) in keystone High
CVE-2017-16570 was published for keystone (npm) Nov 30, 2017
private_address_check contains Incomplete List of Disallowed Inputs High
CVE-2017-0909 was published for private_address_check (RubyGems) Nov 30, 2017
Next.js Directory Traversal Vulnerability High
CVE-2017-16877 was published for next (npm) Dec 5, 2017
tdunlap607
Out-of-bounds read in nokogiri High
CVE-2017-9050 was published for nokogiri (RubyGems) Dec 13, 2017
auth0-js Privilege Escalation Vulnerability High
CVE-2017-17068 was published for auth0-js (npm) Dec 21, 2017
Arbitrary file read vulnerability in yard server High
CVE-2017-17042 was published for yard (RubyGems) Dec 21, 2017
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2 High
GHSA-7fpw-cfc4-3p2c was published for passport-wsfed-saml2 (npm) Dec 28, 2017 withdrawn
Denial of Service in ecstatic High
CVE-2016-10703 was published for ecstatic (npm) Dec 28, 2017
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames High
CVE-2017-1000452 was published for samlify (npm) Jan 4, 2018
eoftedal
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
lawn-login exposes database password to unauthorized users High
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
ProTip! Advisories are also available from the GraphQL API