Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

826 advisories

Cross-site scripting (XSS) in Action messages on Avo Moderate
CVE-2024-22411 was published for avo (RubyGems) Jan 17, 2024
stevegeek tamaloa
avo vulnerable to stored cross-site scripting (XSS) in key_value field High
CVE-2024-22191 was published for avo (RubyGems) Jan 16, 2024
Mys7ic FLX-0x00
tamaloa
Resque vulnerable to reflected XSS in resque-web failed and queues lists Moderate
CVE-2023-50725 was published for resque (RubyGems) Dec 18, 2023
madslundholmdk
Puppet Denial of Service and Arbitrary File Write Low
CVE-2012-1987 was published for puppet (RubyGems) May 14, 2022
RedCloth Regular Expression Denial of Service issue High
CVE-2023-31606 was published for RedCloth (RubyGems) Jun 6, 2023
trautlein
Omniauth::MicrosoftGraph Account takeover (nOAuth) High
CVE-2024-21632 was published for omniauth-microsoft_graph (RubyGems) Jan 3, 2024
makuga01
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
bartekn
view_component Cross-site Scripting vulnerability Moderate
CVE-2024-21636 was published for view_component (RubyGems) Jan 4, 2024
BlakeWilliams camertron
httparty has multipart/form-data request tampering vulnerability Moderate
CVE-2024-22049 was published for httparty (RubyGems) Jan 3, 2023
motoyasu-saburi
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
CVE-2024-0241 was published for encoded_id-rails (RubyGems) Oct 24, 2023
Race Condition leading to logging errors Low
CVE-2024-22047 was published for audited (RubyGems) May 1, 2023
htrgouvea giovannism20
danielmorrison
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption High
CVE-2024-22051 was published for commonmarker (RubyGems) Mar 3, 2022
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Potential CSV export data leak High
CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023
emilong
Duplicate Advisory: Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption High
GHSA-c2v4-chx5-vff6 was published for commonmarker (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page Low
GHSA-4mvm-xh8j-fv27 was published for govuk_tech_docs (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: Race Condition leading to logging errors Low
GHSA-v444-jggx-6v7f was published for audited (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High
GHSA-4553-hq82-8654 was published for encoded_id-rails (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection High
GHSA-rqxc-9p8h-xqgq was published for activeadmin (RubyGems) Dec 24, 2023 withdrawn
Resque Scheduler Reflected XSS In Delayed Jobs View Moderate
CVE-2022-44303 was published for resque-scheduler (RubyGems) Dec 18, 2023
jchristman PatrickTulskie
ActiveAdmin CSV Injection leading to sensitive information disclosure Moderate
CVE-2023-51763 was published for activeadmin (RubyGems) Dec 28, 2023
Resque vulnerable to reflected XSS in Queue Endpoint Moderate
CVE-2023-50727 was published for resque (RubyGems) Dec 18, 2023
priya-hinduja PatrickTulskie
ProTip! Advisories are also available from the GraphQL API