GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories, count by ecosystem: All reviewed 5,000+; Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,752; Maven 4,982; npm 3,516; NuGet 609; pip 3,090; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
289 advisories
CVE-2020-13163 (High): Improper certificate validation in em-imap. Published for em-imap (RubyGems), May 24, 2021.
CVE-2017-11173 (High): Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request. Published for rack-cors (RubyGems), Jul 31, 2018.
CVE-2018-17567 (High): Jekyll allows attackers to access arbitrary files by specifying a symlink. Published for jekyll (RubyGems), Sep 28, 2018.
CVE-2014-5002 (High): lynx doesn't properly sanitize user input and exposes database password to unauthorized users. Published for lynx (RubyGems), Jan 24, 2018.
CVE-2016-3693 (High): safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method. Published for safemode (RubyGems), Oct 24, 2017.
CVE-2018-3760 (High): Sprockets path traversal leads to information leak. Published for sprockets (RubyGems), Jun 20, 2018.
CVE-2016-10173 (High): archive-tar-minitar and minitar vulnerable to Path Traversal. Published for archive-tar-minitar (RubyGems), Oct 24, 2017.
CVE-2013-7086 (High): Webbynode Code Injection vulnerability. Published for webbynode (RubyGems), Oct 24, 2017.
CVE-2017-11430 (High): OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal. Published for omniauth-saml (RubyGems), Jul 5, 2019.
CVE-2013-2616 (High): MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection. Published for mini_magick (RubyGems), Oct 24, 2017.
CVE-2019-13574 (High): OS Command Injection in MiniMagick. Published for mini_magick (RubyGems), Jul 18, 2019.
CVE-2020-10663 (High): Unsafe object creation in json RubyGem. Published for json (RubyGems), Jul 27, 2020.
CVE-2015-8968 (High): git-fastclone permits arbitrary shell command execution from .gitmodules. Published for git-fastclone (RubyGems), Aug 15, 2018.
CVE-2013-2617 (High): Curl Gem insufficient URL escaping command injection. Published for curl (RubyGems), Oct 24, 2017.
CVE-2013-1802 (High): extlib does not properly restrict casts of string values. Published for extlib (RubyGems), Oct 24, 2017.
CVE-2014-2888 (High): sfpagent Command Injection vulnerability. Published for sfpagent (RubyGems), Oct 24, 2017.
CVE-2021-3517 (High): Nokogiri contains libxml Out-of-bounds Write vulnerability. Published for nokogiri (RubyGems), May 24, 2022.
CVE-2013-1898 (High): Thumbshooter vulnerable to Code Injection. Published for thumbshooter (RubyGems), Oct 24, 2017.
CVE-2013-2615 (High): fastreader Gem for Ruby URI Handling Arbitrary Command Injection. Published for fastreader (RubyGems), Oct 24, 2017.
CVE-2019-8323 (High): RubyGems Escape sequence injection vulnerability in api response handling. Published for rubygems-update (RubyGems), Jun 20, 2019.
CVE-2019-8321 (High): RubyGems Escape sequence injection vulnerability in verbose. Published for rubygems-update (RubyGems), Jun 20, 2019.
CVE-2019-8325 (High): RubyGems Escape sequence injection in errors. Published for rubygems-update (RubyGems), Jun 20, 2019.
CVE-2019-8320 (High): RubyGems Delete directory using symlink when decompressing tar. Published for rubygems-update (RubyGems), Jun 20, 2019.
CVE-2019-8324 (High): Code injection in RubyGems. Published for rubygems-update (RubyGems), Jun 20, 2019.
CVE-2020-8161 (High): Directory traversal in Rack::Directory app bundled with Rack. Published for rack (RubyGems), Jul 6, 2020.
Advisories are also available from the GraphQL API.