GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
826 advisories
Filter by severity
Publify Core does not strip metadata from images
Moderate
CVE-2022-2815
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Publify Improper Input Validation vulnerability
Critical
CVE-2023-0299
was published
for
publify_core
(RubyGems)
Jan 14, 2023
ruby-git has potential remote code execution vulnerability
High
CVE-2022-46648
was published
for
git
(RubyGems)
Jan 9, 2023
Inline SVG vulnerable to Cross-site Scripting
Moderate
CVE-2020-36644
was published
for
inline_svg
(RubyGems)
Jan 7, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
keynote Cross-site Scripting vulnerability
Moderate
CVE-2017-20159
was published
for
keynote
(RubyGems)
Dec 31, 2022
Oxidized Web vulnerable to Cross-site Scripting
Moderate
CVE-2019-25088
was published
for
oxidized-web
(RubyGems)
Dec 27, 2022
text_helpers uses web link to untrusted target with window.opener access
Moderate
CVE-2020-36624
was published
for
text_helpers
(RubyGems)
Dec 22, 2022
active_attr Improper Resource Shutdown or Release vulnerability
High
CVE-2021-4250
was published
for
active_attr
(RubyGems)
Dec 19, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23520
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23519
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Moderate
CVE-2022-23518
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer
High
CVE-2022-23517
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in Loofah
Moderate
CVE-2022-23515
was published
for
loofah
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah
High
CVE-2022-23514
was published
for
loofah
(RubyGems)
Dec 13, 2022
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate
GHSA-q7jc-v6f2-q9jr
was published
for
resque-scheduler
(RubyGems)
Dec 13, 2022
•
withdrawn
Unchecked return value from xmlTextReaderExpand
High
CVE-2022-23476
was published
for
nokogiri
(RubyGems)
Dec 8, 2022
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
Unsanitized input leading to code injection in Dalli
Low
CVE-2022-4064
was published
for
dalli
(RubyGems)
Nov 19, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
Cross-site Scripting in actionpack
Low
CVE-2022-3704
was published
for
actionpack
(RubyGems)
Oct 27, 2022
•
withdrawn
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Moderate
GHSA-2qc6-mcvw-92cw
was published
for
nokogiri
(RubyGems)
Oct 18, 2022
ProTip!
Advisories are also available from the
GraphQL API