GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,680
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,473
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
287 advisories
Filter by severity
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Denial of Service Vulnerability in Rack Multipart Parsing
High
CVE-2022-30122
was published
for
rack
(RubyGems)
May 27, 2022
Camaleon CMS Insufficient Session Expiration vulnerability
High
CVE-2021-25970
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Nokogiri has vulnerable dependencies on libxml2 and libxslt
High
CVE-2021-30560
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri contains libxml Out-of-bounds Write vulnerability
High
CVE-2021-3517
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri Implements libxml2 version vulnerable to use-after-free
High
CVE-2021-3518
was published
for
nokogiri
(RubyGems)
May 24, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
High
CVE-2020-7385
was published
for
metasploit-framework
(RubyGems)
May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption
High
CVE-2019-5815
was published
for
nokogiri
(RubyGems)
May 24, 2022
Missing Initialization of Resource in Apache Arrow
High
CVE-2019-12410
was published
for
pyarrow
(RubyGems)
May 24, 2022
Missing Initialization of Resource in Apache Arrow
High
CVE-2019-12408
was published
for
pyarrow
(RubyGems)
May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
High
CVE-2019-18197
was published
for
nokogiri
(RubyGems)
May 24, 2022
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
High
CVE-2019-7615
was published
for
elastic-apm
(RubyGems)
May 24, 2022
libxslt Type Confusion vulnerability that affects Nokogiri
High
CVE-2019-13118
was published
for
nokogiri
(RubyGems)
May 24, 2022
Uninitialized read in Nokogiri gem
High
CVE-2019-13117
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri Improperly Handles Unexpected Data Type
High
CVE-2022-29181
was published
for
nokogiri
(RubyGems)
May 23, 2022
Insecure PRNG use in random_password_generator
High
CVE-2019-25061
was published
for
random_password_generator
(RubyGems)
May 19, 2022
Integer Overflow or Wraparound in libxml2 affects Nokogiri
High
GHSA-cgx6-hpwq-fhv5
was published
for
nokogiri
(RubyGems)
May 18, 2022
Publify vulnerable to DoS attack
High
CVE-2014-3211
was published
for
publify_core
(RubyGems)
May 17, 2022
Karteek Docsplit vulnerable to OS Command Injection
High
CVE-2013-1933
was published
for
karteek-docsplit
(RubyGems)
May 17, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability
High
CVE-2014-4993
was published
for
backup-agoddard
(RubyGems)
May 14, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure
High
CVE-2014-4991
was published
for
codders-dataset
(RubyGems)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API