GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
826 advisories
Filter by severity
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Doorkeeper Improper Authentication vulnerability
Moderate
CVE-2023-34246
was published
for
doorkeeper
(RubyGems)
Jun 12, 2023
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
Moderate
CVE-2023-23913
was published
for
actionview
(RubyGems)
Jun 9, 2023
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2023-27531
was published
for
kredis
(RubyGems)
Jun 9, 2023
RedCloth Regular Expression Denial of Service issue
High
CVE-2023-31606
was published
for
RedCloth
(RubyGems)
Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
High
CVE-2023-34103
was published
for
avo
(RubyGems)
Jun 6, 2023
ruby-saml vulnerable to XPath injection
Critical
CVE-2015-20108
was published
for
ruby-saml
(RubyGems)
May 27, 2023
Server-Side Template Injection in Camaleon CMS
Critical
CVE-2023-30145
was published
for
camaleon_cms
(RubyGems)
May 26, 2023
Race Condition leading to logging errors
Low
CVE-2024-22047
was published
for
audited
(RubyGems)
May 1, 2023
Buffer overflow in sponge queue functions
Critical
CVE-2022-37454
was published
for
pysha3
(RubyGems)
Apr 26, 2023
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Low
CVE-2023-30618
was published
for
kitchen-terraform
(RubyGems)
Apr 24, 2023
sidekiq vulnerable to cross-site scripting
High
CVE-2023-1892
was published
for
sidekiq
(RubyGems)
Apr 21, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
High
CVE-2023-30614
was published
for
pay
(RubyGems)
Apr 20, 2023
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Moderate
GHSA-48wp-p9qv-4j64
was published
for
commonmarker
(RubyGems)
Apr 11, 2023
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Moderate
GHSA-pxvg-2qj5-37jq
was published
for
nokogiri
(RubyGems)
Apr 11, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
Fluent Fluentd and Fluent-ui use default password
High
CVE-2020-21514
was published
for
fluentd
(RubyGems)
Apr 4, 2023
unpoly-rails Denial of Service vulnerability
Moderate
CVE-2023-28846
was published
for
unpoly-rails
(RubyGems)
Mar 30, 2023
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Moderate
CVE-2014-4920
was published
for
twitter-bootstrap-rails
(RubyGems)
Mar 16, 2023
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Moderate
CVE-2023-28120
was published
for
activesupport
(RubyGems)
Mar 15, 2023
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
ProTip!
Advisories are also available from the
GraphQL API