GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
832 advisories
Filter by severity
RedCloth Cross-site Scripting vulnerability
Moderate
CVE-2012-6684
was published
for
redcloth
(RubyGems)
Oct 24, 2017
Devise does not properly perform type conversion when performing database queries
Moderate
CVE-2013-0233
was published
for
devise
(RubyGems)
Oct 24, 2017
Cocaine Gem OS Command Injection vulnerability
Moderate
CVE-2013-4457
was published
for
cocaine
(RubyGems)
Oct 24, 2017
Shell command injection in command_wrap
High
CVE-2013-1875
was published
for
command_wrap
(RubyGems)
Oct 24, 2017
i18n gem Cross-site Scripting vulnerability
Moderate
CVE-2013-4492
was published
for
i18n
(RubyGems)
Oct 24, 2017
actionmailer email address processing causes Denial of service
Moderate
CVE-2013-4389
was published
for
actionmailer
(RubyGems)
Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability
High
CVE-2013-5647
was published
for
sounder
(RubyGems)
Oct 24, 2017
Wicked gem contains Path traversal vulnerability
Moderate
CVE-2013-4413
was published
for
wicked
(RubyGems)
Oct 24, 2017
ldoce Gem Arbitrary Command Execution
Moderate
CVE-2013-1911
was published
for
ldoce
(RubyGems)
Oct 24, 2017
Curl Gem insufficient URL escaping command injection
High
CVE-2013-2617
was published
for
curl
(RubyGems)
Oct 24, 2017
omniauth-oauth2 Cross-Site Request Forgery vulnerability
Moderate
CVE-2012-6134
was published
for
omniauth-oauth2
(RubyGems)
Oct 24, 2017
Spree Improper Input Validation vulnerability
Moderate
CVE-2013-1656
was published
for
spree
(RubyGems)
Oct 24, 2017
insecure temporary directory usage in passenger
Moderate
CVE-2013-4136
was published
for
passenger
(RubyGems)
Oct 24, 2017
Denial of service in ruby-openid
Moderate
CVE-2013-1812
was published
for
ruby-openid
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-3464
was published
for
activesupport
(RubyGems)
Oct 24, 2017
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
JSON gem has Improper Input Validation vulnerability
High
CVE-2013-0269
was published
for
json
(RubyGems)
Oct 24, 2017
activesupport Improper Input Validation vulnerability
Moderate
CVE-2013-1856
was published
for
activesupport
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information
Moderate
CVE-2013-0284
was published
for
newrelic_rpm
(RubyGems)
Oct 24, 2017
Creme Fraiche contains OS Command Injection
Critical
CVE-2013-2090
was published
for
cremefraiche
(RubyGems)
Oct 24, 2017
Active Record contains SQL Injection
High
CVE-2012-6496
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Rails vulnerable to Cross-site Scripting
Moderate
CVE-2014-0081
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Array data injection vulnerability in activerecord
Moderate
CVE-2014-0080
was published
for
activerecord
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API