Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

891 advisories

Loading
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms) High
CVE-2023-4785 was published for grpc (RubyGems) Sep 13, 2023
hahwul
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags High
CVE-2024-32463 was published for phlex (RubyGems) Apr 17, 2024
gregmolnar joeldrapper
willcosgrove
Katello uses hard coded credential Critical
CVE-2012-3503 was published for katello (RubyGems) May 17, 2022
postmodern
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
Cross-site Scripting in actionpack Low
CVE-2022-3704 was published for actionpack (RubyGems) Oct 27, 2022 withdrawn
rafaelfranca
AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field Moderate
CVE-2018-18307 was published for alchemy_cms (RubyGems) May 14, 2022
YARD's default template vulnerable to Cross-site Scripting in generated frames.html Moderate
CVE-2024-27285 was published for yard (RubyGems) Feb 28, 2024
avivkeller
Devise-Two-Factor vulnerable to brute force attacks Moderate
CVE-2024-0227 was published for devise-two-factor (RubyGems) Jan 12, 2024 withdrawn
bsedat
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 Moderate
GHSA-xc9x-jj77-9p9j was published for nokogiri (RubyGems) Feb 5, 2024
yoshizawa-masatoshi lumaxis
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
Use-after-free in libxml2 via Nokogiri::XML::Reader Moderate
GHSA-vcc3-rw6f-jv97 was published for nokogiri (RubyGems) Mar 18, 2024
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex High
CVE-2024-28199 was published for phlex (RubyGems) Mar 12, 2024
p8 joeldrapper
willcosgrove
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
json-jwt allows bypass of identity checks via a sign/encryption confusion attack Moderate
CVE-2023-51774 was published for json-jwt (RubyGems) Feb 29, 2024
postmodern sorah
Capncavedan
Rack CORS Middleware has Insecure File Permissions Moderate
CVE-2024-27456 was published for rack-cors (RubyGems) Feb 26, 2024
guiferrpereira joaomarcos96
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov yoshizawa-masatoshi
postmodern
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
Oxidized Web vulnerable to Cross-site Scripting Moderate
CVE-2019-25088 was published for oxidized-web (RubyGems) Dec 27, 2022
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov
Rack has possible DoS Vulnerability with Range Header Low
CVE-2024-26141 was published for rack (RubyGems) Feb 28, 2024
ooooooo-q
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability Moderate
CVE-2019-10226 was published for fat_free_crm (RubyGems) May 24, 2022 withdrawn
steveyken
Cross-site scripting (XSS) in the dynamic file uploads Moderate
CVE-2023-51447 was published for decidim (RubyGems) Feb 20, 2024
ctrgrb ahukkanen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database