Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

388 advisories

Loading
radiant vulnerable to Cross-site Scripting Moderate
CVE-2018-7261 was published for radiant (RubyGems) Jul 27, 2018
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
ldap_fluff authentication bypass Moderate
CVE-2012-5604 was published for ldap_fluff (RubyGems) May 14, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
Authlogic Information Exposure vulnerability Moderate
CVE-2012-6497 was published for authlogic (RubyGems) May 14, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
Ember.js Cross-site Scripting vulnerability Moderate
CVE-2014-0013 was published for ember-source (RubyGems) May 14, 2022
katello Improper Privilege Management vulnerability Moderate
CVE-2017-2662 was published for katello (RubyGems) May 13, 2022
Phusion Passenger information disclosure Moderate
CVE-2017-16355 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Tarball permission preservation in puppet Moderate
CVE-2017-10689 was published for puppet (RubyGems) May 13, 2022
BenK0lin
Cross site scripting in publify Moderate
CVE-2021-25974 was published for publify_core (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25975 was published for publify_core (RubyGems) May 24, 2022
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect Moderate
CVE-2022-31033 was published for mechanize (RubyGems) Jun 9, 2022
update_by_case before 0.1.3 can be vulnerable to sql injection Moderate
CVE-2022-35956 was published for update_by_case (RubyGems) Aug 11, 2022
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql Moderate
CVE-2021-3779 was published for ruby-mysql (RubyGems) Jun 29, 2022
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog Moderate
CVE-2020-35305 was published for gollum (RubyGems) Jul 16, 2022
net-ldap Improper Certificate Validation vulnerability Moderate
CVE-2017-17718 was published for net-ldap (RubyGems) Jan 6, 2018
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint Moderate
CVE-2022-39281 was published for fat_free_crm (RubyGems) Oct 7, 2022
p-
Duplicate Advisory: Moderate severity vulnerability that affects activemodel Moderate
GHSA-v543-gqhh-6gww was published for activemodel (RubyGems) Sep 17, 2018 withdrawn
Improper Certificate Validation in twitter-stream Moderate
CVE-2020-24392 was published for twitter-stream (RubyGems) Mar 29, 2021
text_helpers uses web link to untrusted target with window.opener access Moderate
CVE-2020-36624 was published for text_helpers (RubyGems) Dec 22, 2022
Radiant CMS vulnerable to Cross-site Scripting Moderate
CVE-2018-5216 was published for radiant (RubyGems) Jan 6, 2018
Cross site scripting vulnerability in ActionView Moderate
CVE-2020-5267 was published for actionview (RubyGems) Mar 19, 2020
jessecampos
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2 Moderate
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
ProTip! Advisories are also available from the GraphQL API