Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

287 advisories

avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields High
CVE-2023-34103 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00 Mys7ic
sidekiq vulnerable to cross-site scripting High
CVE-2023-1892 was published for sidekiq (RubyGems) Apr 21, 2023
aripollak
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay High
CVE-2023-30614 was published for pay (RubyGems) Apr 20, 2023
p- excid3
Fluent Fluentd and Fluent-ui use default password High
CVE-2020-21514 was published for fluentd (RubyGems) Apr 4, 2023
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
Rack has possible DoS Vulnerability in Multipart MIME parsing High
CVE-2023-27530 was published for rack (RubyGems) Mar 8, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework High
CVE-2023-0669 was published for metasploit-framework (RubyGems) Feb 6, 2023 withdrawn
smcintyre-r7
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie High
CVE-2015-8314 was published for devise (RubyGems) Jan 26, 2023
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
jruby-openssl gem for JRuby fails to do proper certificate validation High
CVE-2009-4123 was published for jruby-openssl (RubyGems) Jan 19, 2023
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter High
CVE-2022-44566 was published for activerecord (RubyGems) Jan 18, 2023
robertoz-01 aviyam181199
G-Rath
SQL Injection Vulnerability via ActiveRecord comments High
CVE-2023-22794 was published for activerecord (RubyGems) Jan 18, 2023
kurt-r2c
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
Code injection in ruby git High
CVE-2022-47318 was published for git (RubyGems) Jan 17, 2023
ruby-git has potential remote code execution vulnerability High
CVE-2022-46648 was published for git (RubyGems) Jan 9, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature High
CVE-2023-22626 was published for pghero (RubyGems) Jan 5, 2023
active_attr Improper Resource Shutdown or Release vulnerability High
CVE-2021-4250 was published for active_attr (RubyGems) Dec 19, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer High
CVE-2022-23517 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Uncontrolled Recursion in Loofah High
CVE-2022-23516 was published for loofah (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah High
CVE-2022-23514 was published for loofah (RubyGems) Dec 13, 2022
Unchecked return value from xmlTextReaderExpand High
CVE-2022-23476 was published for nokogiri (RubyGems) Dec 8, 2022
Sinatra vulnerable to Reflected File Download attack High
CVE-2022-45442 was published for sinatra (RubyGems) Nov 30, 2022
motoyasu-saburi
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm. High
CVE-2022-39224 was published for arr-pm (RubyGems) Sep 21, 2022
joernchen
ProTip! Advisories are also available from the GraphQL API