GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
832 advisories
Filter by severity
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Low
GHSA-qwf7-rv77-fcr3
was published
for
iodine
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
GHSA-4mvm-xh8j-fv27
was published
for
govuk_tech_docs
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: Race Condition leading to logging errors
Low
GHSA-v444-jggx-6v7f
was published
for
audited
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
High
GHSA-4553-hq82-8654
was published
for
encoded_id-rails
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection
High
GHSA-rqxc-9p8h-xqgq
was published
for
activeadmin
(RubyGems)
Dec 24, 2023
•
withdrawn
Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate
CVE-2022-44303
was published
for
resque-scheduler
(RubyGems)
Dec 18, 2023
ActiveAdmin CSV Injection leading to sensitive information disclosure
Moderate
CVE-2023-51763
was published
for
activeadmin
(RubyGems)
Dec 28, 2023
Resque vulnerable to reflected XSS in Queue Endpoint
Moderate
CVE-2023-50727
was published
for
resque
(RubyGems)
Dec 18, 2023
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate
GHSA-q7jc-v6f2-q9jr
was published
for
resque-scheduler
(RubyGems)
Dec 13, 2022
•
withdrawn
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
Possible shell escape sequence injection vulnerability in Rack
Critical
CVE-2022-30123
was published
for
rack
(RubyGems)
May 27, 2022
jruby-openssl gem for JRuby fails to do proper certificate validation
High
CVE-2009-4123
was published
for
jruby-openssl
(RubyGems)
Jan 19, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
CVE-2015-2179
was published
for
xaviershay-dm-rails
(RubyGems)
Jan 26, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Critical
CVE-2013-2513
was published
for
flash_tool
(RubyGems)
Jan 26, 2023
Denial of Service Vulnerability in Rack Multipart Parsing
High
CVE-2022-30122
was published
for
rack
(RubyGems)
May 27, 2022
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Moderate
CVE-2023-49090
was published
for
carrierwave
(RubyGems)
Nov 29, 2023
Decidim Cross-site Scripting vulnerability in the processes filter
High
CVE-2023-34089
was published
for
decidim
(RubyGems)
Jul 11, 2023
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
CVE-2023-36823
was published
for
sanitize
(RubyGems)
Jul 6, 2023
Puppet Improper Access Control
Critical
CVE-2016-2785
was published
for
puppet
(RubyGems)
May 13, 2022
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Logstash Logs Sensitive Information
Moderate
CVE-2016-10362
was published
for
logstash-core
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API