GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

826 advisories

Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
Chef Improper Access Control vulnerability Moderate
CVE-2010-5142 was published for chef (RubyGems) May 17, 2022
WEBrick Denial of Service Vulnerability High
CVE-2008-4310 was published for webrick (RubyGems) May 2, 2022
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
SQL Injection Vulnerability via ActiveRecord comments High
CVE-2023-22794 was published for activerecord (RubyGems) Jan 18, 2023
Open Redirect in ActionPack Moderate
CVE-2021-22942 was published for actionpack (RubyGems) Aug 26, 2021
Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate
CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022
Exposure of information in Action Pack High
CVE-2022-23633 was published for actionpack (RubyGems) Feb 11, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Regular expression denial of service vulnerability (ReDoS) in date High
CVE-2021-41817 was published for date (RubyGems) Nov 16, 2021
Buffer overrun in CGI.escape_html Critical
CVE-2021-41816 was published for cgi (RubyGems) Dec 14, 2021
Cookie Prefix Spoofing in CGI::Cookie.parse High
CVE-2021-41819 was published for cgi (RubyGems) Jan 21, 2022
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability Moderate
GHSA-g47j-3m2m-74qv was published for httparty (RubyGems) Jan 4, 2024 withdrawn
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
Resque vulnerable to Reflected Cross Site Scripting through pathnames Moderate
CVE-2023-50724 was published for resque (RubyGems) Dec 18, 2023
Puppet does not properly restrict access to node resources Moderate
CVE-2011-0528 was published for puppet (RubyGems) May 14, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite Moderate
CVE-2011-3871 was published for puppet (RubyGems) May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022