GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

289 advisories

Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
Denial of Service Vulnerability in Action View High
CVE-2019-5419 was published for actionview (RubyGems) Mar 13, 2019
High severity vulnerability that affects many_versioned_gem High
GHSA-hhxm-4f85-rgr8 was published for many_versioned_gem (RubyGems) Feb 5, 2019 withdrawn
Nokogiri NULL Pointer Dereference High
CVE-2018-14404 was published for nokogiri (RubyGems) Jan 17, 2019
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
Rack vulnerable to Denial of Service High
CVE-2018-16470 was published for rack (RubyGems) Nov 15, 2018
Jekyll allows attackers to access arbitrary files by specifying a symlink High
CVE-2018-17567 was published for jekyll (RubyGems) Sep 28, 2018
Denial of service or RCE from libxml2 and libxslt High
CVE-2015-8806 was published for nokogiri (RubyGems) Sep 17, 2018
Ruby-ffi has a DLL loading issue High
CVE-2018-1000201 was published for ffi (RubyGems) Aug 31, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability High
CVE-2015-4619 was published for spina (RubyGems) Aug 28, 2018
High severity vulnerability that affects activerecord High
GHSA-hm48-76wh-q86v was published for activerecord (RubyGems) Aug 21, 2018 withdrawn
Nokogiri subject to DoS via libxml2 vulnerability High
CVE-2015-5312 was published for nokogiri (RubyGems) Aug 21, 2018
High severity vulnerability that affects espeak-ruby High
GHSA-w655-w578-99pq was published for espeak-ruby (RubyGems) Aug 21, 2018 withdrawn
Ruby-saml allows attackers to perform XML signature wrapping attacks High
CVE-2016-5697 was published for ruby-saml (RubyGems) Aug 21, 2018
Phusion Passenger uses a known /tmp filename High
CVE-2016-10345 was published for passenger (RubyGems) Aug 21, 2018
redcarpet Buffer Overflow vulnerability High
CVE-2015-5147 was published for redcarpet (RubyGems) Aug 15, 2018
High severity vulnerability that affects festivaltts4r High
GHSA-9wv8-jgw4-4g28 was published for festivaltts4r (RubyGems) Aug 15, 2018 withdrawn
High severity vulnerability that affects colorscore High
GHSA-9wcm-rrvh-qjc8 was published for colorscore (RubyGems) Aug 15, 2018 withdrawn
git-fastclone permits arbitrary shell command execution from .gitmodules High
CVE-2015-8968 was published for git-fastclone (RubyGems) Aug 15, 2018
High severity vulnerability that affects actionpack High
GHSA-hx46-vwmx-wx95 was published for actionpack (RubyGems) Aug 13, 2018 withdrawn
Doorkeeper subject to Incorrect Permission Assignment High
CVE-2018-1000211 was published for doorkeeper (RubyGems) Aug 13, 2018
Cross-site request forgery in rails_admin High
CVE-2016-10522 was published for rails_admin (RubyGems) Aug 8, 2018
High severity vulnerability that affects safemode High
GHSA-8474-rc7c-wrhp was published for safemode (RubyGems) Aug 8, 2018 withdrawn
High severity vulnerability that affects rubyzip High
GHSA-3q5q-f79q-7hr2 was published for rubyzip (RubyGems) Jul 31, 2018 withdrawn
Nokogiri implementation of libxslt lacks integer overflow checks High
CVE-2017-5029 was published for nokogiri (RubyGems) Jul 31, 2018
ProTip! Advisories are also available from the GraphQL API