GitHub Advisory Database
Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

GitHub reviewed advisories by ecosystem (all reviewed: 5,000+):
  Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,752; Maven 4,982; npm 3,516; NuGet 609; pip 3,090; Pub 10; RubyGems 832; Rust 782; Swift 34
Unreviewed advisories (all unreviewed): 5,000+
289 advisories match the current filter (RubyGems ecosystem, High severity). The entries shown on this page, one per line:

Identifier | Package (ecosystem) | Published | Advisory title
CVE-2023-38337 | rswag (RubyGems) | Jul 15, 2023 | rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
CVE-2012-6496 | activerecord (RubyGems) | Oct 24, 2017 | Active Record contains SQL Injection
CVE-2020-26222 | dependabot-common (RubyGems) | Nov 13, 2020 | Remote code execution in dependabot-core branch names when cloning
CVE-2020-26254 | omniauth-apple (RubyGems) | Dec 8, 2020 | omniauth-apple allows attacker to fake their email address during authentication
CVE-2013-0269 | json (RubyGems) | Oct 24, 2017 | JSON gem has Improper Input Validation vulnerability
CVE-2019-8322 | rubygems-update (RubyGems) | Jun 20, 2019 | RubyGems Escape sequence injection vulnerability in gem owner
CVE-2017-16516 | yajl-ruby (RubyGems) | Nov 28, 2017 | yajl-ruby gem Denial of Service vulnerability
CVE-2013-6421 | sprout (RubyGems) | Oct 24, 2017 | sprout Arbitrary Code Execution vulnerability
CVE-2014-2322 | arabic-prawn (RubyGems) | Oct 24, 2017 | Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
CVE-2013-1800 | crack (RubyGems) | Oct 24, 2017 | crack does not properly restrict casts of string values
CVE-2018-6517 | chloride (RubyGems) | Mar 25, 2019 | Improper Certificate Validation in chloride
CVE-2015-4619 | spina (RubyGems) | Aug 28, 2018 | Spina gem vulnerable to Cross-site request forgery (CSRF)
CVE-2018-16470 | rack (RubyGems) | Nov 15, 2018 | Rack vulnerable to Denial of Service
CVE-2021-30560 | nokogiri (RubyGems) | May 24, 2022 | Nokogiri has vulnerable dependencies on libxml2 and libxslt
CVE-2017-14033 | openssl (RubyGems) | May 14, 2022 | Ruby OpenSSL DoS Vulnerability
CVE-2013-0175 | multi_xml (RubyGems) | Oct 24, 2017 | Improper Input Validation in multi_xml
GHSA-g8q2-24jh-5hpc | jQuery.UI.Combined (RubyGems) | Jul 27, 2018 | High severity vulnerability that affects jquery-ui (advisory withdrawn)
CVE-2020-8164 | actionpack (RubyGems) | May 26, 2020 | Possible Strong Parameters Bypass in ActionPack
CVE-2022-23517 | rails-html-sanitizer (RubyGems) | Dec 13, 2022 | Inefficient Regular Expression Complexity in rails-html-sanitizer
CVE-2022-23516 | loofah (RubyGems) | Dec 13, 2022 | Uncontrolled Recursion in Loofah
CVE-2022-23514 | loofah (RubyGems) | Dec 13, 2022 | Inefficient Regular Expression Complexity in Loofah
CVE-2014-5000 | lawn-login (RubyGems) | Jan 22, 2018 | lawn-login exposes database password to unauthorized users
CVE-2012-2140 | mail (RubyGems) | Oct 24, 2017 | Mail Gem Improper Input Validation vulnerability
CVE-2021-28680 | devise_masquerade (RubyGems) | Dec 8, 2021 | Improper Privilege Management in devise_masquerade

All entries above are rated High severity; the jquery-ui entry was withdrawn after publication and should not be treated as an open finding.
Advisories are also available programmatically from the GitHub GraphQL API.
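As an added example (not code from the GitHub Advisory Database or from any project listed above), the Ruby script below shows how a team might consume these advisories through the GraphQL API: it builds the securityVulnerabilities query for high-severity RubyGems advisories, then matches a response against the gem versions in a Gemfile.lock using the stdlib Gem::Requirement class, skipping withdrawn advisories such as the jquery-ui entry above. The query uses field names from the public GitHub GraphQL schema; the response body, package names, GHSA-EXAMPLE identifiers, version ranges and lockfile are placeholders constructed for this example, and the script never sends a network request (doing so would need an authenticated POST to the API endpoint).

```ruby
require "json"
require "rubygems" # Gem::Version and Gem::Requirement

# Query against the public GitHub GraphQL schema: reviewed vulnerabilities
# for the RubyGems ecosystem at HIGH severity. Not executed here.
VULN_QUERY = <<~GRAPHQL
  query($first: Int!) {
    securityVulnerabilities(ecosystem: RUBYGEMS, severities: [HIGH], first: $first) {
      nodes {
        package { name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
        advisory { ghsaId summary publishedAt withdrawnAt identifiers { type value } }
      }
    }
  }
GRAPHQL

# Constructed sample response (not real API output): placeholder packages,
# GHSA-EXAMPLE identifiers and ranges shaped like the query above.
SAMPLE_RESPONSE = <<~JSON
  {"data": {"securityVulnerabilities": {"nodes": [
    {"package": {"name": "example-web"}, "vulnerableVersionRange": ">= 2.0.0, < 2.0.6",
     "firstPatchedVersion": {"identifier": "2.0.6"},
     "advisory": {"ghsaId": "GHSA-EXAMPLE-0001", "summary": "example-web denial of service (constructed)",
                  "publishedAt": "2018-11-15T00:00:00Z", "withdrawnAt": null,
                  "identifiers": [{"type": "GHSA", "value": "GHSA-EXAMPLE-0001"}]}},
    {"package": {"name": "example-parser"}, "vulnerableVersionRange": "< 1.2.0",
     "firstPatchedVersion": {"identifier": "1.2.0"},
     "advisory": {"ghsaId": "GHSA-EXAMPLE-0002", "summary": "example-parser code execution (constructed)",
                  "publishedAt": "2017-10-24T00:00:00Z", "withdrawnAt": null,
                  "identifiers": [{"type": "GHSA", "value": "GHSA-EXAMPLE-0002"}]}},
    {"package": {"name": "example-ui"}, "vulnerableVersionRange": "<= 1.10.0",
     "firstPatchedVersion": null,
     "advisory": {"ghsaId": "GHSA-EXAMPLE-0003", "summary": "example-ui advisory later withdrawn (constructed)",
                  "publishedAt": "2018-07-27T00:00:00Z", "withdrawnAt": "2019-01-01T00:00:00Z",
                  "identifiers": []}}
  ]}}}
JSON

# Constructed Gemfile.lock fragment (not a real lockfile).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-web (2.0.5)
      example-parser (1.2.0)
      example-ui (1.9.0)
      unrelated-gem (0.1.0)
LOCK

# GitHub ranges look like ">= 2.0.0, < 2.0.6" or "< 1.2.0": each comma-separated
# clause is a RubyGems requirement, so Gem::Requirement can evaluate them.
def parse_range(range)
  Gem::Requirement.new(*range.split(",").map(&:strip))
end

# Minimal Gemfile.lock parser: top-level spec lines are "    name (version)".
def parse_lockfile(text)
  text.scan(/^    ([^\s(]+) \(([^)]+)\)$/).to_h
end

# installed: {"gem name" => "version"}. Returns one finding per installed gem
# inside a vulnerable range; withdrawn advisories are skipped.
def match_vulnerabilities(response_json, installed)
  nodes = JSON.parse(response_json).dig("data", "securityVulnerabilities", "nodes") || []
  nodes.filter_map do |node|
    adv = node["advisory"]
    next if adv["withdrawnAt"]            # withdrawn: no longer a real finding
    name = node["package"]["name"]
    version = installed[name]
    next unless version                    # gem not present in this lockfile
    next unless parse_range(node["vulnerableVersionRange"]).satisfied_by?(Gem::Version.new(version))
    { package: name, installed: version, ghsa: adv["ghsaId"],
      summary: adv["summary"], fixed_in: node.dig("firstPatchedVersion", "identifier") }
  end
end

if __FILE__ == $PROGRAM_NAME
  match_vulnerabilities(SAMPLE_RESPONSE, parse_lockfile(SAMPLE_LOCK)).each do |f|
    puts "#{f[:package]} #{f[:installed]}: #{f[:ghsa]} #{f[:summary]} (fixed in #{f[:fixed_in]})"
  end
end
```

With the constructed inputs only example-web 2.0.5 is reported: example-parser 1.2.0 sits exactly at the first patched version, and example-ui is skipped because its advisory carries a withdrawnAt timestamp. In a real run, page through the connection with the `after` cursor and treat the `withdrawnAt` check as mandatory, since withdrawn advisories stay retrievable.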