GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,872
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
CVE-2024-26144
was published
for
activestorage
(RubyGems)
Feb 27, 2024
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Potential CSV export data leak
High
CVE-2023-50448
was published
for
activeadmin
(RubyGems)
Dec 15, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
CVE-2015-2179
was published
for
xaviershay-dm-rails
(RubyGems)
Jan 26, 2023
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Logstash Logs Sensitive Information
Moderate
CVE-2016-10362
was published
for
logstash-core
(RubyGems)
May 13, 2022
Exposure of Sensitive Information in bio-basespace-sdk
Moderate
CVE-2013-7111
was published
for
bio-basespace-sdk
(RubyGems)
Oct 24, 2017
Kcapifony gem for Ruby places database user passwords on the command line
High
CVE-2014-5001
was published
for
kcapifony
(RubyGems)
Jul 23, 2018
brbackup exposes database password to unauthorized users
High
CVE-2014-5004
was published
for
brbackup
(RubyGems)
Mar 5, 2018
Moderate severity vulnerability that affects rails
Moderate
CVE-2007-5379
was published
for
rails
(RubyGems)
Oct 24, 2017
actionpack and activesupport vulnerable to information leaks
Moderate
CVE-2009-3086
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
newrelic_rpm Gem Discloses Sensitive Information
Moderate
CVE-2013-0284
was published
for
newrelic_rpm
(RubyGems)
Oct 24, 2017
lawn-login exposes database password to unauthorized users
High
CVE-2014-5000
was published
for
lawn-login
(RubyGems)
Jan 22, 2018
lynx doesn't properly sanitize user input and exposes database password to unauthorized users
High
CVE-2014-5002
was published
for
lynx
(RubyGems)
Jan 24, 2018
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method
High
CVE-2016-3693
was published
for
safemode
(RubyGems)
Oct 24, 2017
Sprockets path traversal leads to information leak
High
CVE-2018-3760
was published
for
sprockets
(RubyGems)
Jun 20, 2018
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2015-1828
was published
for
http
(RubyGems)
Mar 13, 2018
Spree allows remote attackers to obtain sensitive information
Moderate
CVE-2010-3978
was published
for
spree
(RubyGems)
May 14, 2022
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Low
CVE-2014-1234
was published
for
paratrooper-newrelic
(RubyGems)
Oct 24, 2017
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
Moderate
CVE-2015-1840
was published
for
jquery-rails
(RubyGems)
Oct 24, 2017
Puma used with Rails may lead to Information Exposure
High
CVE-2022-23634
was published
for
puma
(RubyGems)
Feb 11, 2022
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in activestorage
Moderate
CVE-2018-16477
was published
for
activestorage
(RubyGems)
Dec 5, 2018
ProTip!
Advisories are also available from the
GraphQL API