Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18 advisories

Loading
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
actionpack allows bypass of database-query restrictions Moderate
CVE-2013-6417 was published for actionpack (RubyGems) Oct 24, 2017
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Active Record allows bypassing of database-query restrictions Moderate
CVE-2013-0155 was published for activerecord (RubyGems) Oct 24, 2017
Active Record Improper Access Control Moderate
CVE-2015-7577 was published for activerecord (RubyGems) Oct 24, 2017
espeak-ruby allows arbitrary command execution Critical
CVE-2016-10193 was published for espeak-ruby (RubyGems) Oct 24, 2017
tdunlap607
Web Console (Ruby gem) contains whitelisted_ips bypass Moderate
CVE-2015-3224 was published for web-console (RubyGems) Oct 24, 2017
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly Critical
CVE-2019-16377 was published for consul (RubyGems) Sep 27, 2019
Decidim has broken access control in templates High
CVE-2023-36465 was published for decidim (RubyGems) Oct 5, 2023
andreslucena
Active Record subject to strong parameters protection bypass High
CVE-2014-3514 was published for activerecord (RubyGems) Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes Moderate
CVE-2013-0276 was published for activerecord (RubyGems) Oct 24, 2017
Action Pack contains database-query restrictions bypass Moderate
CVE-2012-2660 was published for actionpack (RubyGems) Oct 24, 2017
Authentication Bypass in Devise Moderate
CVE-2019-16109 was published for devise (RubyGems) Sep 11, 2019
gollum and gollum-lib allow remote authenticated users to execute arbitrary code High
CVE-2014-9489 was published for gollum (RubyGems) Nov 16, 2017
Improper Access Control in activejob High
CVE-2018-16476 was published for activejob (RubyGems) Dec 5, 2018
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
Puppet does not properly restrict access to node resources Moderate
CVE-2011-0528 was published for puppet (RubyGems) May 14, 2022
Chef Improper Access Control vulnerability Moderate
CVE-2010-5142 was published for chef (RubyGems) May 17, 2022
ProTip! Advisories are also available from the GraphQL API