GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 3,678
Erlang: 29
GitHub Actions: 16
Go: 1,707
Maven: 4,940
npm: 3,471
NuGet: 603
pip: 2,993
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34
Unreviewed advisories:
All unreviewed: 5,000+
287 advisories
RubyGems Link Following vulnerability (High): CVE-2018-1000073 was published for org.jruby:jruby-stdlib (RubyGems) on May 13, 2022.
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution (High): CVE-2015-3649 was published for open-uri-cached (RubyGems) on May 13, 2022.
mixlib-archive Path Traversal vulnerability (High): CVE-2017-1000026 was published for mixlib-archive (RubyGems) on May 13, 2022.
Nokogiri gem, via libxml, is affected by DoS vulnerabilities (High): CVE-2017-16932 was published for nokogiri (RubyGems) on May 13, 2022.
omniauth-facebook Improper Authentication vulnerability (High): CVE-2013-4593 was published for omniauth-facebook (RubyGems) on May 5, 2022.
sinatra does not validate expanded path matches (High): CVE-2022-29970 was published for sinatra (RubyGems) on May 3, 2022.
WEBrick Denial of Service Vulnerability (High): CVE-2008-4310 was published for webrick (RubyGems) on May 2, 2022.
Nokogiri is vulnerable to XML External Entity (XXE) attack (High): CVE-2012-6685 was published for nokogiri (RubyGems) on Apr 23, 2022.
RubyGems passenger gem allows remote attackers to delete files (High): CVE-2012-6135 was published for passenger (RubyGems) on Apr 23, 2022.
Denial of Service (DoS) in Nokogiri on JRuby (High): GHSA-gx8x-g87m-h5q6 was published for nokogiri (RubyGems) on Apr 11, 2022.
Out-of-bounds Write in zlib affects Nokogiri (High): GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) on Apr 11, 2022.
Nokogiri Inefficient Regular Expression Complexity (High): CVE-2022-24836 was published for nokogiri (RubyGems) on Apr 11, 2022.
Command injection in cocoapods-downloader (High): CVE-2022-24440 was published for cocoapods-downloader (RubyGems) on Apr 2, 2022.
Command injection in cocoapods-downloader (High): CVE-2022-21223 was published for cocoapods-downloader (RubyGems) on Apr 2, 2022.
Nokogiri affected by zlib's Out-of-bounds Write vulnerability (High): CVE-2018-25032 was published for nokogiri (RubyGems) on Mar 26, 2022.
Improper Certificate Validation in kubeclient (High): CVE-2022-0759 was published for kubeclient (RubyGems) on Mar 26, 2022.
Missing Authentication for Critical Function in Foreman Ansible (High): CVE-2021-3589 was published for foreman_ansible (RubyGems) on Mar 24, 2022.
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption (High): CVE-2024-22051 was published for commonmarker (RubyGems) on Mar 3, 2022.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component (High): CVE-2022-24722 was published for view_component (RubyGems) on Mar 2, 2022.
Vulnerable dependencies in Nokogiri (High): GHSA-fq42-c5rg-92c2 was published for nokogiri (RubyGems) on Feb 25, 2022.
Puma used with Rails may lead to Information Exposure (High): CVE-2022-23634 was published for puma (RubyGems) on Feb 11, 2022.
Exposure of information in Action Pack (High): CVE-2022-23633 was published for actionpack (RubyGems) on Feb 11, 2022.
Publify Business Logic Errors (High): CVE-2022-0524 was published for publify_core (RubyGems) on Feb 9, 2022.
ProTip! Advisories are also available from the GraphQL API.