GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
826 advisories
Filter by severity
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-3464
was published
for
activesupport
(RubyGems)
Oct 24, 2017
i18n gem Cross-site Scripting vulnerability
Moderate
CVE-2013-4492
was published
for
i18n
(RubyGems)
Oct 24, 2017
Shell command injection in command_wrap
High
CVE-2013-1875
was published
for
command_wrap
(RubyGems)
Oct 24, 2017
actionmailer email address processing causes Denial of service
Moderate
CVE-2013-4389
was published
for
actionmailer
(RubyGems)
Oct 24, 2017
Wicked gem contains Path traversal vulnerability
Moderate
CVE-2013-4413
was published
for
wicked
(RubyGems)
Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability
High
CVE-2013-5647
was published
for
sounder
(RubyGems)
Oct 24, 2017
Active Record contains SQL Injection
High
CVE-2012-6496
was published
for
activerecord
(RubyGems)
Oct 24, 2017
activesupport Improper Input Validation vulnerability
Moderate
CVE-2013-1856
was published
for
activesupport
(RubyGems)
Oct 24, 2017
Creme Fraiche contains OS Command Injection
Critical
CVE-2013-2090
was published
for
cremefraiche
(RubyGems)
Oct 24, 2017
insecure temporary directory usage in passenger
Moderate
CVE-2013-4136
was published
for
passenger
(RubyGems)
Oct 24, 2017
JSON gem has Improper Input Validation vulnerability
High
CVE-2013-0269
was published
for
json
(RubyGems)
Oct 24, 2017
Denial of service in ruby-openid
Moderate
CVE-2013-1812
was published
for
ruby-openid
(RubyGems)
Oct 24, 2017
Phusion Passenger Denial of Service
Moderate
CVE-2013-2119
was published
for
passenger
(RubyGems)
Oct 24, 2017
Code injection in dragonfly gem
High
CVE-2013-5671
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
RDoc contains XSS vulnerability
Moderate
CVE-2013-0256
was published
for
rdoc
(RubyGems)
Oct 24, 2017
Script Injection in Show In Browser gem
Moderate
CVE-2013-2105
was published
for
show_in_browser
(RubyGems)
Oct 24, 2017
Shell Metacharacter Injection in kelredd-pruview
Critical
CVE-2013-1947
was published
for
kelredd-pruview
(RubyGems)
Oct 24, 2017
Puppet allows local users to obtain sensitive configuration information
Low
CVE-2012-3866
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-1655
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-3567
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service
Moderate
CVE-2013-4761
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet vulnerable to Path Traversal
Low
CVE-2012-3865
was published
for
puppet
(RubyGems)
Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
Moderate
CVE-2012-3867
was published
for
puppet
(RubyGems)
Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS
Moderate
CVE-2012-6662
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API