GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
High
GHSA-7x4w-cj9r-h4v9
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
High
CVE-2024-46986
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Low
GHSA-qwf7-rv77-fcr3
was published
for
iodine
(RubyGems)
Jan 4, 2024
•
withdrawn
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
High
CVE-2023-38337
was published
for
rswag
(RubyGems)
Jul 15, 2023
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
RubyGems Path Traversal vulnerability
Moderate
CVE-2018-1000079
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems may allow a maliciously crafted gem to overwrite files
High
CVE-2017-0901
was published
for
rubygems-update
(RubyGems)
May 13, 2022
mixlib-archive Path Traversal vulnerability
High
CVE-2017-1000026
was published
for
mixlib-archive
(RubyGems)
May 13, 2022
sinatra does not validate expanded path matches
High
CVE-2022-29970
was published
for
sinatra
(RubyGems)
May 3, 2022
Mongrel vulnerable to directory traversal via double-encoded sequences
Moderate
CVE-2007-6612
was published
for
mongrel
(RubyGems)
May 1, 2022
Path traversal when MessageBus::Diagnostics is enabled
Moderate
CVE-2021-43840
was published
for
message_bus
(RubyGems)
Dec 17, 2021
Tempfile on Windows path traversal vulnerability
High
CVE-2021-28966
was published
for
tmpdir
(RubyGems)
May 6, 2021
Directory traversal in Rack::Directory app bundled with Rack
High
CVE-2020-8161
was published
for
rack
(RubyGems)
Jul 6, 2020
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
The rack-cors rubygem may allow directory traveral
Moderate
CVE-2019-18978
was published
for
rack-cors
(RubyGems)
Nov 15, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal
Low
CVE-2024-22050
was published
for
iodine
(RubyGems)
Oct 7, 2019
Path Traversal vulnerability that affects yard
High
CVE-2019-1020001
was published
for
yard
(RubyGems)
Jul 2, 2019
RubyGems Delete directory using symlink when decompressing tar
High
CVE-2019-8320
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Path Traversal in Action View
High
CVE-2019-5418
was published
for
actionview
(RubyGems)
Mar 13, 2019
Sprockets path traversal leads to information leak
High
CVE-2018-3760
was published
for
sprockets
(RubyGems)
Jun 20, 2018
Sinatra Path Traversal vulnerability
Moderate
CVE-2018-7212
was published
for
sinatra
(RubyGems)
Feb 20, 2018
Arbitrary file read vulnerability in yard server
High
CVE-2017-17042
was published
for
yard
(RubyGems)
Dec 21, 2017
ProTip!
Advisories are also available from the
GraphQL API