Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Low severity vulnerability that affects sensu Low
CVE-2018-1000060 was published for sensu (RubyGems) Jul 23, 2018 withdrawn
SQLite3 addresses vulnerability in packaged version of libsqlite Low
GHSA-mgvv-5mxp-xq67 was published for sqlite3 (RubyGems) Oct 3, 2022
personnummer/ruby vulnerable to Improper Input Validation Low
GHSA-vp9c-fpxx-744v was published for personnummer (RubyGems) Sep 23, 2020
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
Potential Denial-of-Service in bindata Low
CVE-2021-32823 was published for bindata (RubyGems) Jun 23, 2021
Octokit gem published with world-writable files Low
CVE-2022-31072 was published for octokit (RubyGems) Jun 15, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) Low
CVE-2022-39379 was published for fluentd (RubyGems) Nov 2, 2022
p-
Unsanitized input leading to code injection in Dalli Low
CVE-2022-4064 was published for dalli (RubyGems) Nov 19, 2022
Katello cleartext password storage issue Low
CVE-2019-14825 was published for katello (RubyGems) May 24, 2022
Gitaly Insufficient Session Expiration vulnerability Low
CVE-2020-13353 was published for gitaly (RubyGems) May 24, 2022
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling Low
CVE-2021-41136 was published for puma (RubyGems) Oct 12, 2021
asta12 mattiasgrenfeldt
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend Low
CVE-2022-31000 was published for solidus_backend (RubyGems) Jun 1, 2022
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22795 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 esparta
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata Low
CVE-2015-1426 was published for facter (RubyGems) May 14, 2022
Phusion Passenger allows remote attackers to spoof headers Low
CVE-2015-7519 was published for passenger (RubyGems) Oct 10, 2018
Local API Login Credentials Disclosure in paratrooper-pingdom Low
CVE-2014-1233 was published for paratrooper-pingdom (RubyGems) Oct 24, 2017
Insecure use of temporary files in passenger Low
CVE-2014-1831 was published for passenger (RubyGems) Oct 10, 2018
Octopoller gem published with world-writable files Low
CVE-2022-31071 was published for octopoller (RubyGems) Jun 15, 2022
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name Low
CVE-2013-0162 was published for ruby_parser (RubyGems) May 5, 2022
Possible Denial of Service Vulnerability in Rack's header parsing Low
CVE-2023-27539 was published for rack (RubyGems) Mar 15, 2023
G-Rath
ReDoS based DoS vulnerability in Active Support's underscore Low
CVE-2023-22796 was published for activesupport (RubyGems) Jan 18, 2023
robertoz-01 postmodern
G-Rath
Active Support Possibly Discloses Locally Encrypted Files Low
CVE-2023-38037 was published for activesupport (RubyGems) Aug 23, 2023
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor Low
CVE-2014-1234 was published for paratrooper-newrelic (RubyGems) Oct 24, 2017
RuboCop gem Insecure use of /tmp Low
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607
ProTip! Advisories are also available from the GraphQL API