GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
Nokogiri Inefficient Regular Expression Complexity
High
CVE-2022-24836
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Command injection in cocoapods-downloader
High
CVE-2022-21223
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
Command injection in cocoapods-downloader
High
CVE-2022-24440
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
Nokogiri affected by zlib's Out-of-bounds Write vulnerability
High
CVE-2018-25032
was published
for
nokogiri
(RubyGems)
Mar 26, 2022
Improper Certificate Validation in kubeclient
High
CVE-2022-0759
was published
for
kubeclient
(RubyGems)
Mar 26, 2022
Missing Authentication for Critical Function in Foreman Ansible
High
CVE-2021-3589
was published
for
foreman_ansible
(RubyGems)
Mar 24, 2022
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
CVE-2024-22051
was published
for
commonmarker
(RubyGems)
Mar 3, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component
High
CVE-2022-24722
was published
for
view_component
(RubyGems)
Mar 2, 2022
Vulnerable dependencies in Nokogiri
High
GHSA-fq42-c5rg-92c2
was published
for
nokogiri
(RubyGems)
Feb 25, 2022
Puma used with Rails may lead to Information Exposure
High
CVE-2022-23634
was published
for
puma
(RubyGems)
Feb 11, 2022
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Publify Business Logic Errors
High
CVE-2022-0524
was published
for
publify_core
(RubyGems)
Feb 9, 2022
Cookie Prefix Spoofing in CGI::Cookie.parse
High
CVE-2021-41819
was published
for
cgi
(RubyGems)
Jan 21, 2022
A potential Denial of Service issue in protobuf-java
High
CVE-2021-22569
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Jan 7, 2022
Improper Privilege Management in devise_masquerade
High
CVE-2021-28680
was published
for
devise_masquerade
(RubyGems)
Dec 8, 2021
ReDos vulnerability on guest checkout email validation
High
CVE-2021-43805
was published
for
solidus_core
(RubyGems)
Dec 7, 2021
Regular expression denial of service vulnerability (ReDoS) in date
High
CVE-2021-41817
was published
for
date
(RubyGems)
Nov 16, 2021
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
High
CVE-2021-41098
was published
for
nokogiri
(RubyGems)
Sep 27, 2021
Clearance Gem Open Redirect Vulnerability
High
CVE-2021-23435
was published
for
clearance
(RubyGems)
Sep 13, 2021
Regular Expression Denial of Service in Addressable templates
High
CVE-2021-32740
was published
for
addressable
(RubyGems)
Jul 12, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High
CVE-2021-20259
was published
for
foreman_fog_proxmox
(RubyGems)
Jun 10, 2021
HTTP Request Smuggling in goliath
High
CVE-2020-7671
was published
for
goliath
(RubyGems)
May 24, 2021
ProTip!
Advisories are also available from the
GraphQL API