Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

826 advisories

Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
ruby-git has potential remote code execution vulnerability High
CVE-2022-46648 was published for git (RubyGems) Jan 9, 2023
Inline SVG vulnerable to Cross-site Scripting Moderate
CVE-2020-36644 was published for inline_svg (RubyGems) Jan 7, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature High
CVE-2023-22626 was published for pghero (RubyGems) Jan 5, 2023
httparty has multipart/form-data request tampering vulnerability Moderate
CVE-2024-22049 was published for httparty (RubyGems) Jan 3, 2023
motoyasu-saburi
keynote Cross-site Scripting vulnerability Moderate
CVE-2017-20159 was published for keynote (RubyGems) Dec 31, 2022
Oxidized Web vulnerable to Cross-site Scripting Moderate
CVE-2019-25088 was published for oxidized-web (RubyGems) Dec 27, 2022
text_helpers uses web link to untrusted target with window.opener access Moderate
CVE-2020-36624 was published for text_helpers (RubyGems) Dec 22, 2022
active_attr Improper Resource Shutdown or Release vulnerability High
CVE-2021-4250 was published for active_attr (RubyGems) Dec 19, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23520 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23519 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Moderate
CVE-2022-23518 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer High
CVE-2022-23517 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Uncontrolled Recursion in Loofah High
CVE-2022-23516 was published for loofah (RubyGems) Dec 13, 2022
Improper neutralization of data URIs may allow XSS in Loofah Moderate
CVE-2022-23515 was published for loofah (RubyGems) Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah High
CVE-2022-23514 was published for loofah (RubyGems) Dec 13, 2022
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View Moderate
GHSA-q7jc-v6f2-q9jr was published for resque-scheduler (RubyGems) Dec 13, 2022 withdrawn
Unchecked return value from xmlTextReaderExpand High
CVE-2022-23476 was published for nokogiri (RubyGems) Dec 8, 2022
Sinatra vulnerable to Reflected File Download attack High
CVE-2022-45442 was published for sinatra (RubyGems) Nov 30, 2022
motoyasu-saburi
Unsanitized input leading to code injection in Dalli Low
CVE-2022-4064 was published for dalli (RubyGems) Nov 19, 2022
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) Low
CVE-2022-39379 was published for fluentd (RubyGems) Nov 2, 2022
p-
Cross-site Scripting in actionpack Low
CVE-2022-3704 was published for actionpack (RubyGems) Oct 27, 2022 withdrawn
rafaelfranca
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs Moderate
GHSA-2qc6-mcvw-92cw was published for nokogiri (RubyGems) Oct 18, 2022
ProTip! Advisories are also available from the GraphQL API