GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Pgsync Contains Cleartext Transmission of Sensitive Information
High
CVE-2021-31671
was published
for
pgsync
(RubyGems)
Apr 27, 2021
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth
High
CVE-2021-29435
was published
for
trestle-auth
(RubyGems)
Apr 13, 2021
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
Active Record subject to Regular Expression Denial-of-Service (ReDoS)
High
CVE-2021-22880
was published
for
activerecord
(RubyGems)
Mar 2, 2021
Code Injection vulnerability in CarrierWave::RMagick
High
CVE-2021-21305
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
Command Injection Vulnerability in Mechanize
High
CVE-2021-21289
was published
for
mechanize
(RubyGems)
Feb 2, 2021
omniauth-apple allows attacker to fake their email address during authentication
High
CVE-2020-26254
was published
for
omniauth-apple
(RubyGems)
Dec 8, 2020
Authorization bypass in Spree
High
CVE-2020-26223
was published
for
spree_api
(RubyGems)
Nov 13, 2020
Remote code execution in dependabot-core branch names when cloning
High
CVE-2020-26222
was published
for
dependabot-common
(RubyGems)
Nov 13, 2020
Regression in JWT Signature Validation
High
CVE-2020-15240
was published
for
omniauth-auth0
(RubyGems)
Nov 3, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
High
CVE-2020-15269
was published
for
spree
(RubyGems)
Oct 20, 2020
Moped Rubygem Data Injection Vulnerability
High
CVE-2015-4410
was published
for
moped
(RubyGems)
Aug 19, 2020
Missing TLS certificate verification in faye-websocket
High
CVE-2020-15133
was published
for
faye-websocket
(RubyGems)
Jul 31, 2020
Missing TLS certificate verification
High
CVE-2020-15134
was published
for
faye
(RubyGems)
Jul 31, 2020
Unsafe object creation in json RubyGem
High
CVE-2020-10663
was published
for
json
(RubyGems)
Jul 27, 2020
Remote code execution via user-provided local names in ActionView
High
CVE-2020-8163
was published
for
actionview
(RubyGems)
Jul 7, 2020
Directory traversal in Rack::Directory app bundled with Rack
High
CVE-2020-8161
was published
for
rack
(RubyGems)
Jul 6, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
High
CVE-2020-8184
was published
for
rack
(RubyGems)
Jun 24, 2020
Cross-site Scripting in Sanitize
High
CVE-2020-4054
was published
for
sanitize
(RubyGems)
Jun 16, 2020
Regular Expression Denial of Service in websocket-extensions (RubyGem)
High
CVE-2020-7663
was published
for
websocket-extensions
(RubyGems)
Jun 5, 2020
Circumvention of file size limits in ActiveStorage
High
CVE-2020-8162
was published
for
activestorage
(RubyGems)
May 26, 2020
Possible Strong Parameters Bypass in ActionPack
High
CVE-2020-8164
was published
for
actionpack
(RubyGems)
May 26, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma
High
CVE-2020-11076
was published
for
puma
(RubyGems)
May 22, 2020
ProTip!
Advisories are also available from the
GraphQL API