Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,986
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
CommanderStorm postmodern
Cross-site Scripting in actionpack Low
CVE-2022-3704 was published for actionpack (RubyGems) Oct 27, 2022 withdrawn
rafaelfranca
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov yoshizawa-masatoshi
postmodern
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi alecslupu
andreslucena
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov
Rack has possible DoS Vulnerability with Range Header Low
CVE-2024-26141 was published for rack (RubyGems) Feb 28, 2024
ooooooo-q
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 postmodern
Puppet Denial of Service and Arbitrary File Write Low
CVE-2012-1987 was published for puppet (RubyGems) May 14, 2022
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Race Condition leading to logging errors Low
CVE-2024-22047 was published for audited (RubyGems) May 1, 2023
htrgouvea giovannism20
danielmorrison
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page Low
GHSA-4mvm-xh8j-fv27 was published for govuk_tech_docs (RubyGems) Jan 4, 2024 withdrawn
Duplicate Advisory: Race Condition leading to logging errors Low
GHSA-v444-jggx-6v7f was published for audited (RubyGems) Jan 4, 2024 withdrawn
Puppet allows local users to obtain sensitive configuration information Low
CVE-2012-3866 was published for puppet (RubyGems) Oct 24, 2017
sqlite3-ruby uses weak permissions for unspecified files, which allows local users to gain privileges Low
CVE-2011-0995 was published for sqlite3-ruby (RubyGems) Oct 24, 2017
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
Puppet allows local users to overwrite arbitrary files via a symlink attack Low
CVE-2012-1989 was published for puppet (RubyGems) Oct 24, 2017
actionpack is vulnerable to remote bypass authentication Low
CVE-2015-7576 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
Spina Cross-site Scripting vulnerability Low
CVE-2023-3445 was published for spina (RubyGems) Jun 28, 2023
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform Low
CVE-2023-30618 was published for kitchen-terraform (RubyGems) Apr 24, 2023
brettcurtis
Insecure use of temporary files in Phusion passenger Low
CVE-2014-1832 was published for passenger (RubyGems) Oct 10, 2018
Denial of Service Vulnerability in Rack Content-Disposition parsing Low
CVE-2022-44571 was published for rack (RubyGems) Jan 18, 2023
ProTip! Advisories are also available from the GraphQL API