Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

826 advisories

rgpg Code Injection vulnerability High
CVE-2013-4203 was published for rgpg (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-3464 was published for activesupport (RubyGems) Oct 24, 2017
tdunlap607
i18n gem Cross-site Scripting vulnerability Moderate
CVE-2013-4492 was published for i18n (RubyGems) Oct 24, 2017
Shell command injection in command_wrap High
CVE-2013-1875 was published for command_wrap (RubyGems) Oct 24, 2017
actionmailer email address processing causes Denial of service Moderate
CVE-2013-4389 was published for actionmailer (RubyGems) Oct 24, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability High
CVE-2013-5647 was published for sounder (RubyGems) Oct 24, 2017
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
activesupport Improper Input Validation vulnerability Moderate
CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017
Creme Fraiche contains OS Command Injection Critical
CVE-2013-2090 was published for cremefraiche (RubyGems) Oct 24, 2017
insecure temporary directory usage in passenger Moderate
CVE-2013-4136 was published for passenger (RubyGems) Oct 24, 2017
JSON gem has Improper Input Validation vulnerability High
CVE-2013-0269 was published for json (RubyGems) Oct 24, 2017
Denial of service in ruby-openid Moderate
CVE-2013-1812 was published for ruby-openid (RubyGems) Oct 24, 2017
Phusion Passenger Denial of Service Moderate
CVE-2013-2119 was published for passenger (RubyGems) Oct 24, 2017
Code injection in dragonfly gem High
CVE-2013-5671 was published for dragonfly (RubyGems) Oct 24, 2017
G-Rath
RDoc contains XSS vulnerability Moderate
CVE-2013-0256 was published for rdoc (RubyGems) Oct 24, 2017
Script Injection in Show In Browser gem Moderate
CVE-2013-2105 was published for show_in_browser (RubyGems) Oct 24, 2017
Shell Metacharacter Injection in kelredd-pruview Critical
CVE-2013-1947 was published for kelredd-pruview (RubyGems) Oct 24, 2017
Puppet allows local users to obtain sensitive configuration information Low
CVE-2012-3866 was published for puppet (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-1655 was published for puppet (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-3567 was published for puppet (RubyGems) Oct 24, 2017
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service Moderate
CVE-2013-4761 was published for puppet (RubyGems) Oct 24, 2017
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request Moderate
CVE-2012-3867 was published for puppet (RubyGems) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API