
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.

384 advisories

pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS Moderate
CVE-2023-49090 was published for carrierwave (RubyGems) Nov 29, 2023
Memory leak flaw was found in ruby-magick Moderate
CVE-2023-5349 was published for rmagick (RubyGems) Oct 30, 2023
svg_optimizer rubygem external XML entity (XXE) vulnerability Moderate
CVE-2023-46035 was published for svg_optimizer (RubyGems) Oct 20, 2023
sidekiq Denial of Service vulnerability Moderate
CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-7vh7-fw88-wj87 was published for commonmarker (RubyGems) Aug 8, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate
CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023
Decidim Cross-site Scripting vulnerability in the external link redirections Moderate
CVE-2023-32693 was published for decidim (RubyGems) Jul 11, 2023
gRPC connection termination issue Moderate
CVE-2023-32732 was published for grpc (RubyGems) Jul 6, 2023
URI gem has ReDoS vulnerability Moderate
CVE-2023-36617 was published for uri (RubyGems) Jun 29, 2023
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to Moderate
CVE-2023-28362 was published for actionpack (RubyGems) Jun 29, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
Doorkeeper Improper Authentication vulnerability Moderate
CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements Moderate
CVE-2023-23913 was published for actionview (RubyGems) Jun 9, 2023
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability Moderate
CVE-2023-27531 was published for kredis (RubyGems) Jun 9, 2023
Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service Moderate
GHSA-48wp-p9qv-4j64 was published for commonmarker (RubyGems) Apr 11, 2023
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs Moderate
GHSA-pxvg-2qj5-37jq was published for nokogiri (RubyGems) Apr 11, 2023
unpoly-rails Denial of Service vulnerability Moderate
CVE-2023-28846 was published for unpoly-rails (RubyGems) Mar 30, 2023
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails Moderate
CVE-2014-4920 was published for twitter-bootstrap-rails (RubyGems) Mar 16, 2023
Possible XSS Security Vulnerability in SafeBuffer#bytesplice Moderate
CVE-2023-28120 was published for activesupport (RubyGems) Mar 15, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2 Moderate
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
Publify contains Weak Password Requirements Moderate
CVE-2023-0569 was published for publify_core (RubyGems) Jan 29, 2023
Improper neutralization of `noscript` element content may allow XSS in Sanitize Moderate
CVE-2023-23627 was published for sanitize (RubyGems) Jan 28, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table Moderate
CVE-2015-2179 was published for xaviershay-dm-rails (RubyGems) Jan 26, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-636f-xm5j-pj9m was published for commonmarker (RubyGems) Jan 24, 2023