Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

826 advisories

private_address_check contains Incomplete List of Disallowed Inputs High
CVE-2017-0909 was published for private_address_check (RubyGems) Nov 30, 2017
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
active-support impersonates 'activesupport' gem Critical
CVE-2018-3779 was published for active-support (RubyGems) Aug 13, 2018
personnummer/ruby vulnerable to Improper Input Validation Low
GHSA-vp9c-fpxx-744v was published for personnummer (RubyGems) Sep 23, 2020
Integer Overflow or Wraparound in libxml2 affects Nokogiri High
GHSA-cgx6-hpwq-fhv5 was published for nokogiri (RubyGems) May 18, 2022
XML Injection in Xerces Java affects Nokogiri Moderate
GHSA-xxx9-3xcr-gjj3 was published for nokogiri (RubyGems) Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri High
GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) Apr 11, 2022
Denial of Service (DoS) in Nokogiri on JRuby High
GHSA-gx8x-g87m-h5q6 was published for nokogiri (RubyGems) Apr 11, 2022
Vulnerable dependencies in Nokogiri High
GHSA-fq42-c5rg-92c2 was published for nokogiri (RubyGems) Feb 25, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection High
GHSA-wrrw-crp8-979q was published for pageflow (RubyGems) Sep 15, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint High
GHSA-qcqv-38jg-2r43 was published for pageflow (RubyGems) Sep 15, 2022
SQLite3 addresses vulnerability in packaged version of libsqlite Low
GHSA-mgvv-5mxp-xq67 was published for sqlite3 (RubyGems) Oct 3, 2022
Authentication Bypass by CSRF Weakness Critical
GHSA-5629-8855-gf4g was published for solidus_core (RubyGems) Nov 18, 2021
oliverchang
Withdrawn: HTTP Request Smuggling in Agoo Moderate
CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 withdrawn
Moderate severity vulnerability that affects paperclip Moderate
GHSA-phmw-pv3f-vvx7 was published for paperclip (RubyGems) Aug 13, 2018 withdrawn
High severity vulnerability that affects colorscore High
GHSA-9wcm-rrvh-qjc8 was published for colorscore (RubyGems) Aug 15, 2018 withdrawn
High severity vulnerability that affects safemode High
GHSA-8474-rc7c-wrhp was published for safemode (RubyGems) Aug 8, 2018 withdrawn
Moderate severity vulnerability that affects actionpack Moderate
GHSA-m53f-rhq8-q6hf was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects actionpack Moderate
GHSA-qf5x-qgx7-437h was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
Moderate severity vulnerability that affects sprockets Moderate
GHSA-r4x3-g983-9g48 was published for sprockets (RubyGems) Oct 10, 2018 withdrawn
Moderate severity vulnerability that affects web-console Moderate
GHSA-82x2-g7vr-39wq was published for web-console (RubyGems) Aug 13, 2018 withdrawn
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
High severity vulnerability that affects espeak-ruby High
GHSA-w655-w578-99pq was published for espeak-ruby (RubyGems) Aug 21, 2018 withdrawn
High severity vulnerability that affects activerecord High
GHSA-hm48-76wh-q86v was published for activerecord (RubyGems) Aug 21, 2018 withdrawn
Moderate severity vulnerability that affects actionpack Moderate
GHSA-vwfg-qj3r-6v3r was published for actionpack (RubyGems) Sep 17, 2018 withdrawn
ProTip! Advisories are also available from the GraphQL API