GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
SQL Injection Vulnerability via ActiveRecord comments
High
CVE-2023-22794
was published
for
activerecord
(RubyGems)
Jan 18, 2023
Denial of service via header parsing in Rack
High
CVE-2022-44570
was published
for
rack
(RubyGems)
Jan 18, 2023
ruby-git has potential remote code execution vulnerability
High
CVE-2022-46648
was published
for
git
(RubyGems)
Jan 9, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
active_attr Improper Resource Shutdown or Release vulnerability
High
CVE-2021-4250
was published
for
active_attr
(RubyGems)
Dec 19, 2022
Inefficient Regular Expression Complexity in rails-html-sanitizer
High
CVE-2022-23517
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah
High
CVE-2022-23514
was published
for
loofah
(RubyGems)
Dec 13, 2022
Unchecked return value from xmlTextReaderExpand
High
CVE-2022-23476
was published
for
nokogiri
(RubyGems)
Dec 8, 2022
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
High
CVE-2022-39224
was published
for
arr-pm
(RubyGems)
Sep 21, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Denial of Service Vulnerability in Rack Multipart Parsing
High
CVE-2022-30122
was published
for
rack
(RubyGems)
May 27, 2022
Camaleon CMS Insufficient Session Expiration vulnerability
High
CVE-2021-25970
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Nokogiri has vulnerable dependencies on libxml2 and libxslt
High
CVE-2021-30560
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri contains libxml Out-of-bounds Write vulnerability
High
CVE-2021-3517
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri Implements libxml2 version vulnerable to use-after-free
High
CVE-2021-3518
was published
for
nokogiri
(RubyGems)
May 24, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
High
CVE-2020-7385
was published
for
metasploit-framework
(RubyGems)
May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption
High
CVE-2019-5815
was published
for
nokogiri
(RubyGems)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API