Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

289 advisories

Loading
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal High
CVE-2023-38337 was published for rswag (RubyGems) Jul 15, 2023
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
Remote code execution in dependabot-core branch names when cloning High
CVE-2020-26222 was published for dependabot-common (RubyGems) Nov 13, 2020
mrthankyou
omniauth-apple allows attacker to fake their email address during authentication High
CVE-2020-26254 was published for omniauth-apple (RubyGems) Dec 8, 2020
davidtaylorhq
JSON gem has Improper Input Validation vulnerability High
CVE-2013-0269 was published for json (RubyGems) Oct 24, 2017
RubyGems Escape sequence injection vulnerability in gem owner High
CVE-2019-8322 was published for rubygems-update (RubyGems) Jun 20, 2019
rgpg Code Injection vulnerability High
CVE-2013-4203 was published for rgpg (RubyGems) Oct 24, 2017
yajl-ruby gem Denial of Service vulnerability High
CVE-2017-16516 was published for yajl-ruby (RubyGems) Nov 28, 2017
tdunlap607
sprout Arbitrary Code Execution vulnerability High
CVE-2013-6421 was published for sprout (RubyGems) Oct 24, 2017
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters High
CVE-2014-2322 was published for arabic-prawn (RubyGems) Oct 24, 2017
oliverchang
Improper Certificate Validation in chloride High
CVE-2018-6517 was published for chloride (RubyGems) Mar 25, 2019
crack does not properly restrict casts of string values High
CVE-2013-1800 was published for crack (RubyGems) Oct 24, 2017
Rack vulnerable to Denial of Service High
CVE-2018-16470 was published for rack (RubyGems) Nov 15, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability High
CVE-2015-4619 was published for spina (RubyGems) Aug 28, 2018
Nokogiri has vulnerable dependencies on libxml2 and libxslt High
CVE-2021-30560 was published for nokogiri (RubyGems) May 24, 2022
Ruby OpenSSL DoS Vulnerability High
CVE-2017-14033 was published for openssl (RubyGems) May 14, 2022
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607
High severity vulnerability that affects jquery-ui High
GHSA-g8q2-24jh-5hpc was published for jQuery.UI.Combined (RubyGems) Jul 27, 2018 withdrawn
Possible Strong Parameters Bypass in ActionPack High
CVE-2020-8164 was published for actionpack (RubyGems) May 26, 2020
navhits
Inefficient Regular Expression Complexity in rails-html-sanitizer High
CVE-2022-23517 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Uncontrolled Recursion in Loofah High
CVE-2022-23516 was published for loofah (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah High
CVE-2022-23514 was published for loofah (RubyGems) Dec 13, 2022
lawn-login exposes database password to unauthorized users High
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
Mail Gem Improper Input Validation vulnerability High
CVE-2012-2140 was published for mail (RubyGems) Oct 24, 2017
Improper Privilege Management in devise_masquerade High
CVE-2021-28680 was published for devise_masquerade (RubyGems) Dec 8, 2021
ProTip! Advisories are also available from the GraphQL API