Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

832 advisories

Loading
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page Low
GHSA-4mvm-xh8j-fv27 was published for govuk_tech_docs (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: Race Condition leading to logging errors Low
GHSA-v444-jggx-6v7f was published for audited (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
GHSA-4553-hq82-8654 was published for encoded_id-rails (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection High
GHSA-rqxc-9p8h-xqgq was published for activeadmin (RubyGems) Dec 24, 2023 withdrawn
Resque Scheduler Reflected XSS In Delayed Jobs View Moderate
CVE-2022-44303 was published for resque-scheduler (RubyGems) Dec 18, 2023
jchristman PatrickTulskie
ActiveAdmin CSV Injection leading to sensitive information disclosure Moderate
CVE-2023-51763 was published for activeadmin (RubyGems) Dec 28, 2023
Resque vulnerable to reflected XSS in Queue Endpoint Moderate
CVE-2023-50727 was published for resque (RubyGems) Dec 18, 2023
priya-hinduja PatrickTulskie
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View Moderate
GHSA-q7jc-v6f2-q9jr was published for resque-scheduler (RubyGems) Dec 13, 2022 withdrawn
Rack has possible DoS Vulnerability in Multipart MIME parsing High
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
jruby-openssl gem for JRuby fails to do proper certificate validation High
CVE-2009-4123 was published for jruby-openssl (RubyGems) Jan 19, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table Moderate
CVE-2015-2179 was published for xaviershay-dm-rails (RubyGems) Jan 26, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie High
CVE-2015-8314 was published for devise (RubyGems) Jan 26, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Denial of Service Vulnerability in Rack Multipart Parsing High
CVE-2022-30122 was published for rack (RubyGems) May 27, 2022
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS Moderate
CVE-2023-49090 was published for carrierwave (RubyGems) Nov 29, 2023
a-zara-n
Decidim Cross-site Scripting vulnerability in the processes filter High
CVE-2023-34089 was published for decidim (RubyGems) Jul 11, 2023
Alonsorossi ahukkanen
andreslucena
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content High
CVE-2023-36823 was published for sanitize (RubyGems) Jul 6, 2023
cure53
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
Logstash Logs Sensitive Information High
CVE-2016-1000221 was published for logstash-core (RubyGems) May 14, 2022
Logstash Logs Sensitive Information Moderate
CVE-2016-10362 was published for logstash-core (RubyGems) May 13, 2022
ProTip! Advisories are also available from the GraphQL API