Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

289 advisories

Loading
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation High
CVE-2020-7595 was published for nokogiri (RubyGems) Feb 24, 2020
Phusion Passenger uses a known /tmp filename High
CVE-2016-10345 was published for passenger (RubyGems) Aug 21, 2018
Uninitialized read in Nokogiri gem High
CVE-2019-13117 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-16932 was published for nokogiri (RubyGems) May 13, 2022
Nokogiri affected by zlib's Out-of-bounds Write vulnerability High
CVE-2018-25032 was published for nokogiri (RubyGems) Mar 26, 2022
Insecure Permissions in Phusion Passenger High
CVE-2018-12027 was published for passenger (RubyGems) May 13, 2022
Echor contains Command Injection High
CVE-2014-1834 was published for echor (RubyGems) May 14, 2022
Echor Ruby Gem credentials can be stolen via process table monitoring High
CVE-2014-1835 was published for echor (RubyGems) May 14, 2022
Denial of service or RCE from libxml2 and libxslt High
CVE-2015-8806 was published for nokogiri (RubyGems) Sep 17, 2018
actionpack allows remote code execution via application's unrestricted use of render method High
CVE-2016-2098 was published for actionpack (RubyGems) Oct 24, 2017
OpenSSL gem for Ruby using inadequate encryption strength High
CVE-2016-7798 was published for openssl (RubyGems) Oct 24, 2017
Phusion Passenger Race Condition Allows Privilege Escalation High
CVE-2018-12029 was published for passenger (RubyGems) May 14, 2022
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
Active Record subject to Regular Expression Denial-of-Service (ReDoS) High
CVE-2021-22880 was published for activerecord (RubyGems) Mar 2, 2021
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution High
CVE-2015-3649 was published for open-uri-cached (RubyGems) May 13, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure High
CVE-2014-4991 was published for codders-dataset (RubyGems) May 14, 2022
jasnow
Cap-Strap gem for Ruby places credentials on the useradd command line High
CVE-2014-4992 was published for cap-strap (RubyGems) Mar 16, 2018
Nokogiri implementation of libxslt lacks integer overflow checks High
CVE-2017-5029 was published for nokogiri (RubyGems) Jul 31, 2018
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
Arbitrary file read vulnerability in yard server High
CVE-2017-17042 was published for yard (RubyGems) Dec 21, 2017
Circumvention of file size limits in ActiveStorage High
CVE-2020-8162 was published for activestorage (RubyGems) May 26, 2020
RubyGems passenger gem allows remote attackers to delete files High
CVE-2012-6135 was published for passenger (RubyGems) Apr 23, 2022
jasnow
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Remote code execution via user-provided local names in ActionView High
CVE-2020-8163 was published for actionview (RubyGems) Jul 7, 2020
ProTip! Advisories are also available from the GraphQL API