GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
287 advisories
Filter by severity
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
High
CVE-2014-4995
was published
for
VladTheEnterprising
(RubyGems)
May 14, 2022
kajam allows local users to obtain sensitive information by listing the process
High
CVE-2014-4999
was published
for
kajam
(RubyGems)
May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process
High
CVE-2014-4997
was published
for
point-cli
(RubyGems)
May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process
High
CVE-2014-4998
was published
for
lean-ruport
(RubyGems)
May 14, 2022
Echor Ruby Gem credentials can be stolen via process table monitoring
High
CVE-2014-1835
was published
for
echor
(RubyGems)
May 14, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
High
CVE-2017-15412
was published
for
nokogiri
(RubyGems)
May 14, 2022
Ruby OpenSSL DoS Vulnerability
High
CVE-2017-14033
was published
for
openssl
(RubyGems)
May 14, 2022
i18n Vulnerable to Denial of Service Attack
High
CVE-2014-10077
was published
for
i18n
(RubyGems)
May 14, 2022
Fileutils Command Injection vulnerability
High
CVE-2013-2516
was published
for
fileutils
(RubyGems)
May 14, 2022
Phusion Passenger Race Condition Allows Privilege Escalation
High
CVE-2018-12029
was published
for
passenger
(RubyGems)
May 14, 2022
Katello SQL Injection vulnerabilities
High
CVE-2016-3072
was published
for
katello
(RubyGems)
May 14, 2022
RubyGems vulnerable to DNS hijack attack
High
CVE-2015-3900
was published
for
rubygems-update
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
High
CVE-2017-0900
was published
for
rubygems-update
(RubyGems)
May 14, 2022
RubyGems Deserialization of Untrusted Data vulnerability
High
CVE-2018-1000074
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Asciidoctor Infinite Loop vulnerability
High
CVE-2018-18385
was published
for
asciidoctor
(RubyGems)
May 13, 2022
Insecure Permissions in Phusion Passenger
High
CVE-2018-12027
was published
for
passenger
(RubyGems)
May 13, 2022
Incorrect Access Control in Phusion Passenger
High
CVE-2018-12028
was published
for
passenger
(RubyGems)
May 13, 2022
RubyGems Infinite Loop vulnerability
High
CVE-2018-1000075
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 13, 2022
RubyGems may allow a maliciously crafted gem to overwrite files
High
CVE-2017-0901
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems has Origin Validation Error vulnerability
High
CVE-2017-0902
was published
for
rubygems-update
(RubyGems)
May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability
High
CVE-2017-2667
was published
for
hammer_cli_foreman
(RubyGems)
May 13, 2022
Gem in a Box vulnerable to Cross-site Request Forgery
High
CVE-2017-14683
was published
for
geminabox
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API