GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,388 advisories
Filter by severity
activesupport Improper Input Validation vulnerability
Moderate
CVE-2013-1856
was published
for
activesupport
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information
Moderate
CVE-2013-0284
was published
for
newrelic_rpm
(RubyGems)
Oct 24, 2017
Creme Fraiche contains OS Command Injection
Critical
CVE-2013-2090
was published
for
cremefraiche
(RubyGems)
Oct 24, 2017
Active Record contains SQL Injection
High
CVE-2012-6496
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Phusion Passenger Denial of Service
Moderate
CVE-2013-2119
was published
for
passenger
(RubyGems)
Oct 24, 2017
RDoc contains XSS vulnerability
Moderate
CVE-2013-0256
was published
for
rdoc
(RubyGems)
Oct 24, 2017
Script Injection in Show In Browser gem
Moderate
CVE-2013-2105
was published
for
show_in_browser
(RubyGems)
Oct 24, 2017
Shell Metacharacter Injection in kelredd-pruview
Critical
CVE-2013-1947
was published
for
kelredd-pruview
(RubyGems)
Oct 24, 2017
Code injection in dragonfly gem
High
CVE-2013-5671
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2013-6414
was published
for
actionpack
(RubyGems)
Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS
Moderate
CVE-2012-6662
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
HTTParty does not restrict casts of string values
High
CVE-2013-1801
was published
for
httparty
(RubyGems)
Oct 24, 2017
actionpack vulnerable to Cross-site Scripting
Moderate
CVE-2013-4491
was published
for
actionpack
(RubyGems)
Oct 24, 2017
nori contains Improper Input Validation
High
CVE-2013-0285
was published
for
nori
(RubyGems)
Oct 24, 2017
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
Critical
CVE-2013-1948
was published
for
md2pdf
(RubyGems)
Oct 24, 2017
Active Record allows bypassing of database-query restrictions
Moderate
CVE-2013-0155
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Active Record Improper Input Validation
Moderate
CVE-2013-1854
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Rack Vulnerable to Path Traversal
Moderate
CVE-2013-0262
was published
for
rack
(RubyGems)
Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes
Moderate
CVE-2013-0276
was published
for
activerecord
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-1855
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activesupport in Rails vulnerable to incorrect data conversion
High
CVE-2013-0333
was published
for
activesupport
(RubyGems)
Oct 24, 2017
actionpack allows remote attackers to bypass intended access restrictions
High
CVE-2011-0449
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-3187
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API