Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+

823 advisories

Rack vulnerable to Denial of Service via large parameter depth request Moderate
CVE-2015-3225 was published for rack (RubyGems) Oct 24, 2017
rbovirt uses the rest-client gem with SSL verification disabled Moderate
CVE-2014-0036 was published for rbovirt (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-6416 was published for actionpack (RubyGems) Oct 24, 2017
sfpagent Command Injection vulnerability High
CVE-2014-2888 was published for sfpagent (RubyGems) Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass Moderate
CVE-2015-3224 was published for web-console (RubyGems) Oct 24, 2017
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters High
CVE-2014-2322 was published for arabic-prawn (RubyGems) Oct 24, 2017
oliverchang
OpenSSL gem for Ruby using inadequate encryption strength High
CVE-2016-7798 was published for openssl (RubyGems) Oct 24, 2017
ActiveRecord in Ruby on Rails allows database-query bypass High
CVE-2016-6317 was published for activerecord (RubyGems) Oct 24, 2017
actionpack allows remote code execution via application's unrestricted use of render method High
CVE-2016-2098 was published for actionpack (RubyGems) Oct 24, 2017
actionview Cross-site Scripting vulnerability Moderate
CVE-2016-6316 was published for actionview (RubyGems) Oct 24, 2017
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText Moderate
CVE-2016-7103 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
actionview contains Path Traversal vulnerability Moderate
CVE-2016-2097 was published for actionpack (RubyGems) Oct 24, 2017
Directory traversal vulnerability in Action View in Ruby on Rails High
CVE-2016-0752 was published for actionpack (RubyGems) Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects Moderate
CVE-2016-4442 was published for rack-mini-profiler (RubyGems) Oct 24, 2017
Doorkeeper is vulnerable to replay attacks Critical
CVE-2016-6582 was published for doorkeeper (RubyGems) Oct 24, 2017
actionpack is vulnerable to denial of service via a crafted HTTP Accept header High
CVE-2016-0751 was published for actionpack (RubyGems) Oct 24, 2017
Safemode Gem Has Incomplete List of Disallowed Inputs Critical
CVE-2017-7540 was published for safemode (RubyGems) Oct 24, 2017
activemodel contains Improper Input Validation Moderate
CVE-2016-0753 was published for activemodel (RubyGems) Oct 24, 2017
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method High
CVE-2016-3693 was published for safemode (RubyGems) Oct 24, 2017
archive-tar-minitar and minitar vulnerable to Path Traversal High
CVE-2016-10173 was published for archive-tar-minitar (RubyGems) Oct 24, 2017
festivaltts4r allows arbitrary command execution Critical
CVE-2016-10194 was published for festivaltts4r (RubyGems) Oct 24, 2017
Directory traversal vulnerability in RubyZip Critical
CVE-2017-5946 was published for rubyzip (RubyGems) Oct 24, 2017
tdunlap607
espeak-ruby allows arbitrary command execution Critical
CVE-2016-10193 was published for espeak-ruby (RubyGems) Oct 24, 2017
tdunlap607
ProTip! Advisories are also available from the GraphQL API