GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
7,495 advisories
Filter by severity
HTTParty does not restrict casts of string values
High
CVE-2013-1801
was published
for
httparty
(RubyGems)
Oct 24, 2017
Code injection in dragonfly gem
High
CVE-2013-5671
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
Dragonfly Code Injection vulnerability
High
CVE-2013-1756
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
High
CVE-2013-0156
was published
for
actionpack
(RubyGems)
Oct 24, 2017
crack does not properly restrict casts of string values
High
CVE-2013-1800
was published
for
crack
(RubyGems)
Oct 24, 2017
Thumbshooter vulnerable to Code Injection
High
CVE-2013-1898
was published
for
thumbshooter
(RubyGems)
Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2615
was published
for
fastreader
(RubyGems)
Oct 24, 2017
extlib does not properly restrict casts of string values
High
CVE-2013-1802
was published
for
extlib
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
Curl Gem insufficient URL escaping command injection
High
CVE-2013-2617
was published
for
curl
(RubyGems)
Oct 24, 2017
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
JSON gem has Improper Input Validation vulnerability
High
CVE-2013-0269
was published
for
json
(RubyGems)
Oct 24, 2017
Active Record contains SQL Injection
High
CVE-2012-6496
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability
High
CVE-2013-5647
was published
for
sounder
(RubyGems)
Oct 24, 2017
Shell command injection in command_wrap
High
CVE-2013-1875
was published
for
command_wrap
(RubyGems)
Oct 24, 2017
Active Record subject to strong parameters protection bypass
High
CVE-2014-3514
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Aescrypt does not sufficiently use random values
High
CVE-2013-7463
was published
for
aescrypt
(RubyGems)
Oct 24, 2017
actionpack is vulnerable to denial of service because of a wildcard controller route
High
CVE-2015-7581
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Regular Expression Denial of Service in uglify-js
High
CVE-2015-8858
was published
for
uglify-js
(npm)
Oct 24, 2017
File Descriptor Leak Can Cause DoS Vulnerability in hapi
High
CVE-2014-3742
was published
for
hapi
(npm)
Oct 24, 2017
Regular Expression Denial of Service in semver
High
CVE-2015-8855
was published
for
semver
(npm)
Oct 24, 2017
Denial-of-Service Memory Exhaustion in qs
High
CVE-2014-7191
was published
for
qs
(npm)
Oct 24, 2017
Active Record contains SQL Injection via improper range quoting
High
CVE-2014-3483
was published
for
activerecord
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API