Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,678
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,471
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

237,273 advisories

md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename Critical
CVE-2013-1948 was published for md2pdf (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-1655 was published for puppet (RubyGems) Oct 24, 2017
Puppet Improper Input Validation vulnerability High
CVE-2013-3567 was published for puppet (RubyGems) Oct 24, 2017
Puppet allows local users to obtain sensitive configuration information Low
CVE-2012-3866 was published for puppet (RubyGems) Oct 24, 2017
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service Moderate
CVE-2013-4761 was published for puppet (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability High
CVE-2013-0156 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2012-3465 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
omniauth-facebook Cross-Site Request Forgery vulnerability Moderate
CVE-2013-4562 was published for omniauth-facebook (RubyGems) Oct 24, 2017
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2012-3463 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-1857 was published for actionpack (RubyGems) Oct 24, 2017
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request Moderate
CVE-2012-3867 was published for puppet (RubyGems) Oct 24, 2017
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607
rgpg Code Injection vulnerability High
CVE-2013-4203 was published for rgpg (RubyGems) Oct 24, 2017
Curl Gem insufficient URL escaping command injection High
CVE-2013-2617 was published for curl (RubyGems) Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information Moderate
CVE-2013-0284 was published for newrelic_rpm (RubyGems) Oct 24, 2017
extlib does not properly restrict casts of string values High
CVE-2013-1802 was published for extlib (RubyGems) Oct 24, 2017
RedCloth Cross-site Scripting vulnerability Moderate
CVE-2012-6684 was published for redcloth (RubyGems) Oct 24, 2017
oliverchang
Rack rubygems receiving excessively long lines triggers out-of-memory error Moderate
CVE-2013-0183 was published for rack (RubyGems) Oct 24, 2017
Active Record contains deserialization of arbitrary YAML Critical
CVE-2013-0277 was published for activerecord (RubyGems) Oct 24, 2017
Thumbshooter vulnerable to Code Injection High
CVE-2013-1898 was published for thumbshooter (RubyGems) Oct 24, 2017
crack does not properly restrict casts of string values High
CVE-2013-1800 was published for crack (RubyGems) Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2615 was published for fastreader (RubyGems) Oct 24, 2017
Deserialization Code Execution in js-yaml Critical
CVE-2013-4660 was published for js-yaml (npm) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API