GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,680
Erlang
29
GitHub Actions
16
Go
1,707
Maven
4,940
npm
3,473
NuGet
603
pip
2,993
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
826 advisories
Filter by severity
Code injection in pdf_info
Critical
CVE-2022-36231
was published
for
pdf_info
(RubyGems)
Feb 24, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
High
CVE-2023-0669
was published
for
metasploit-framework
(RubyGems)
Feb 6, 2023
•
withdrawn
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
Publify contains Weak Password Requirements
Moderate
CVE-2023-0569
was published
for
publify_core
(RubyGems)
Jan 29, 2023
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Moderate
CVE-2023-23627
was published
for
sanitize
(RubyGems)
Jan 28, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Critical
CVE-2013-2513
was published
for
flash_tool
(RubyGems)
Jan 26, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
CVE-2015-2179
was published
for
xaviershay-dm-rails
(RubyGems)
Jan 26, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
GHSA-636f-xm5j-pj9m
was published
for
commonmarker
(RubyGems)
Jan 24, 2023
ExifTool vulnerable to arbitrary code execution
High
GHSA-q95h-cqrv-8jv5
was published
for
exiftool_vendored
(RubyGems)
Jan 20, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation
High
CVE-2009-4123
was published
for
jruby-openssl
(RubyGems)
Jan 19, 2023
Denial of Service Vulnerability in Rack Content-Disposition parsing
Low
CVE-2022-44571
was published
for
rack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22792
was published
for
actionpack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Active Support's underscore
Low
CVE-2023-22796
was published
for
activesupport
(RubyGems)
Jan 18, 2023
Open Redirect Vulnerability in Action Pack
Moderate
CVE-2023-22797
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
High
CVE-2022-44566
was published
for
activerecord
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22795
was published
for
actionpack
(RubyGems)
Jan 18, 2023
SQL Injection Vulnerability via ActiveRecord comments
High
CVE-2023-22794
was published
for
activerecord
(RubyGems)
Jan 18, 2023
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
Denial of service via multipart parsing in Rack
Low
CVE-2022-44572
was published
for
rack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in GlobalID
Low
CVE-2023-22799
was published
for
globalid
(RubyGems)
Jan 18, 2023
Sisimai Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2022-4891
was published
for
sisimai
(RubyGems)
Jan 17, 2023
curupira is vulnerable to SQL injection
Critical
CVE-2015-10053
was published
for
curupira
(RubyGems)
Jan 16, 2023
Integer overflow in publify_core
Critical
CVE-2022-1812
was published
for
publify_core
(RubyGems)
Jan 14, 2023
ProTip!
Advisories are also available from the
GraphQL API