Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,875
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table Moderate
CVE-2015-2179 was published for xaviershay-dm-rails (RubyGems) Jan 26, 2023
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect Moderate
CVE-2022-31033 was published for mechanize (RubyGems) Jun 9, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information Moderate
CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
Spree allows remote attackers to obtain sensitive information Moderate
CVE-2010-3978 was published for spree (RubyGems) May 14, 2022
Authlogic Information Exposure vulnerability Moderate
CVE-2012-6497 was published for authlogic (RubyGems) May 14, 2022
Logstash Logs Sensitive Information Moderate
CVE-2016-10362 was published for logstash-core (RubyGems) May 13, 2022
Phusion Passenger information disclosure Moderate
CVE-2017-16355 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application Moderate
CVE-2021-41263 was published for rails_multisite (RubyGems) Nov 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor in activestorage Moderate
CVE-2018-16477 was published for activestorage (RubyGems) Dec 5, 2018
Gollum Exposure of Sensitive Information Moderate
CVE-2015-7314 was published for gollum (RubyGems) Aug 28, 2018
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2015-1828 was published for http (RubyGems) Mar 13, 2018
actionpack and activesupport vulnerable to information leaks Moderate
CVE-2009-3086 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Moderate severity vulnerability that affects rails Moderate
CVE-2007-5379 was published for rails (RubyGems) Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information Moderate
CVE-2013-0284 was published for newrelic_rpm (RubyGems) Oct 24, 2017
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information Moderate
CVE-2015-1840 was published for jquery-rails (RubyGems) Oct 24, 2017
Exposure of Sensitive Information in bio-basespace-sdk Moderate
CVE-2013-7111 was published for bio-basespace-sdk (RubyGems) Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects Moderate
CVE-2016-4442 was published for rack-mini-profiler (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API