GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
289 advisories
Filter by severity
Path Traversal in Action View
High
CVE-2019-5418
was published
for
actionview
(RubyGems)
Mar 13, 2019
Denial of Service Vulnerability in Action View
High
CVE-2019-5419
was published
for
actionview
(RubyGems)
Mar 13, 2019
High severity vulnerability that affects many_versioned_gem
High
GHSA-hhxm-4f85-rgr8
was published
for
many_versioned_gem
(RubyGems)
Feb 5, 2019
•
withdrawn
Nokogiri NULL Pointer Dereference
High
CVE-2018-14404
was published
for
nokogiri
(RubyGems)
Jan 17, 2019
Improper Access Control in activejob
High
CVE-2018-16476
was published
for
activejob
(RubyGems)
Dec 5, 2018
Rack vulnerable to Denial of Service
High
CVE-2018-16470
was published
for
rack
(RubyGems)
Nov 15, 2018
Jekyll allows attackers to access arbitrary files by specifying a symlink
High
CVE-2018-17567
was published
for
jekyll
(RubyGems)
Sep 28, 2018
Denial of service or RCE from libxml2 and libxslt
High
CVE-2015-8806
was published
for
nokogiri
(RubyGems)
Sep 17, 2018
Ruby-ffi has a DLL loading issue
High
CVE-2018-1000201
was published
for
ffi
(RubyGems)
Aug 31, 2018
Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability
High
CVE-2015-4619
was published
for
spina
(RubyGems)
Aug 28, 2018
High severity vulnerability that affects activerecord
High
GHSA-hm48-76wh-q86v
was published
for
activerecord
(RubyGems)
Aug 21, 2018
•
withdrawn
Nokogiri subject to DoS via libxml2 vulnerability
High
CVE-2015-5312
was published
for
nokogiri
(RubyGems)
Aug 21, 2018
High severity vulnerability that affects espeak-ruby
High
GHSA-w655-w578-99pq
was published
for
espeak-ruby
(RubyGems)
Aug 21, 2018
•
withdrawn
Ruby-saml allows attackers to perform XML signature wrapping attacks
High
CVE-2016-5697
was published
for
ruby-saml
(RubyGems)
Aug 21, 2018
Phusion Passenger uses a known /tmp filename
High
CVE-2016-10345
was published
for
passenger
(RubyGems)
Aug 21, 2018
redcarpet Buffer Overflow vulnerability
High
CVE-2015-5147
was published
for
redcarpet
(RubyGems)
Aug 15, 2018
High severity vulnerability that affects festivaltts4r
High
GHSA-9wv8-jgw4-4g28
was published
for
festivaltts4r
(RubyGems)
Aug 15, 2018
•
withdrawn
High severity vulnerability that affects colorscore
High
GHSA-9wcm-rrvh-qjc8
was published
for
colorscore
(RubyGems)
Aug 15, 2018
•
withdrawn
git-fastclone permits arbitrary shell command execution from .gitmodules
High
CVE-2015-8968
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
High severity vulnerability that affects actionpack
High
GHSA-hx46-vwmx-wx95
was published
for
actionpack
(RubyGems)
Aug 13, 2018
•
withdrawn
Doorkeeper subject to Incorrect Permission Assignment
High
CVE-2018-1000211
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
Cross-site request forgery in rails_admin
High
CVE-2016-10522
was published
for
rails_admin
(RubyGems)
Aug 8, 2018
High severity vulnerability that affects safemode
High
GHSA-8474-rc7c-wrhp
was published
for
safemode
(RubyGems)
Aug 8, 2018
•
withdrawn
High severity vulnerability that affects rubyzip
High
GHSA-3q5q-f79q-7hr2
was published
for
rubyzip
(RubyGems)
Jul 31, 2018
•
withdrawn
Nokogiri implementation of libxslt lacks integer overflow checks
High
CVE-2017-5029
was published
for
nokogiri
(RubyGems)
Jul 31, 2018
ProTip!
Advisories are also available from the
GraphQL API