Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

832 advisories

Loading
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields High
CVE-2023-34103 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00 Mys7ic
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi alecslupu
andreslucena
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
ooooooo-q yoshizawa-masatoshi
postmodern stdedos
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
ActionText ContentAttachment can Contain Unsanitized HTML Moderate
CVE-2024-32464 was published for actiontext (RubyGems) Jun 4, 2024
ooooooo-q
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends High
CVE-2024-37031 was published for activeadmin (RubyGems) Jun 2, 2024
aoprea1982
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
chadlwilson
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter High
CVE-2024-35231 was published for rack-contrib (RubyGems) May 28, 2024
Sim4n6 ioquatix
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
CommanderStorm postmodern
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for jQuery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
StringIO buffer overread vulnerability High
CVE-2024-27280 was published for stringio (RubyGems) Mar 25, 2024
RDoc RCE vulnerability with .rdoc_options High
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
URI gem has ReDoS vulnerability Moderate
CVE-2023-36617 was published for uri (RubyGems) Jun 29, 2023
jasnow maxfelsher-cgi
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values High
CVE-2024-32970 was published for phlex (RubyGems) May 1, 2024
joeldrapper
sidekiq vulnerable to cross-site scripting High
CVE-2023-1892 was published for sidekiq (RubyGems) Apr 21, 2023
aripollak
Sidekiq vulnerable to a Reflected XSS in Queues Web Page Moderate
CVE-2024-32887 was published for sidekiq (RubyGems) Apr 26, 2024
UmerAdeemCheema
ProTip! Advisories are also available from the GraphQL API