GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
826 advisories
Filter by severity
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects
Moderate
CVE-2016-4442
was published
for
rack-mini-profiler
(RubyGems)
Oct 24, 2017
rest-client allows local users to obtain sensitive information by reading the log
Low
CVE-2015-3448
was published
for
rest-client
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7579
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
Ruby-SAML Improper Authentication vulnerability
High
CVE-2017-11428
was published
for
ruby-saml
(RubyGems)
Jul 5, 2019
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Cross-site Scripting in Sidekiq
Moderate
CVE-2021-30151
was published
for
sidekiq
(RubyGems)
Oct 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High
CVE-2021-20259
was published
for
foreman_fog_proxmox
(RubyGems)
Jun 10, 2021
Potential Denial-of-Service in bindata
Low
CVE-2021-32823
was published
for
bindata
(RubyGems)
Jun 23, 2021
A potential Denial of Service issue in protobuf-java
High
CVE-2021-22569
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Jan 7, 2022
papercrop does not properly handle crop input
Critical
CVE-2015-2784
was published
for
papercrop
(RubyGems)
May 24, 2022
net-ldap has weak salt when generating passwords
Moderate
CVE-2014-0083
was published
for
net-ldap
(RubyGems)
May 24, 2022
OS Command Injection in awesome spawn
Critical
CVE-2014-0156
was published
for
awesome_spawn
(RubyGems)
Jul 1, 2022
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
GHSA-636f-xm5j-pj9m
was published
for
commonmarker
(RubyGems)
Jan 24, 2023
Integer overflow in publify_core
Critical
CVE-2022-1812
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Cross-site scripting in padrino-contrib
Moderate
CVE-2019-16145
was published
for
padrino-contrib
(RubyGems)
Sep 23, 2019
HTTP Request Smuggling in goliath
High
CVE-2020-7671
was published
for
goliath
(RubyGems)
May 24, 2021
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
Prototype Pollution in chartkick
High
CVE-2019-18841
was published
for
chartkick
(RubyGems)
Dec 2, 2019
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
Sinatra Path Traversal vulnerability
Moderate
CVE-2018-7212
was published
for
sinatra
(RubyGems)
Feb 20, 2018
radiant vulnerable to Cross-site Scripting
Moderate
CVE-2018-7261
was published
for
radiant
(RubyGems)
Jul 27, 2018
Improper Certificate Validation in TweetStream
Moderate
CVE-2020-24393
was published
for
tweetstream
(RubyGems)
Apr 13, 2021
ldap_fluff authentication bypass
Moderate
CVE-2012-5604
was published
for
ldap_fluff
(RubyGems)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API