GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
Improper Certificate Validation in EM-HTTP-Request
High
CVE-2020-13482
was published
for
em-http-request
(RubyGems)
May 24, 2021
Dependency Confusion in Bundler
High
CVE-2020-36327
was published
for
bundler
(RubyGems)
May 24, 2021
Improper certificate validation in em-imap
High
CVE-2020-13163
was published
for
em-imap
(RubyGems)
May 24, 2021
Puma's Keepalive Connections Causing Denial Of Service
High
CVE-2021-29509
was published
for
puma
(RubyGems)
May 18, 2021
Insecure path handling in Bundler
High
CVE-2019-3881
was published
for
bundler
(RubyGems)
May 10, 2021
Tempfile on Windows path traversal vulnerability
High
CVE-2021-28966
was published
for
tmpdir
(RubyGems)
May 6, 2021
Possible DoS Vulnerability in Action Controller Token Authentication
High
CVE-2021-22904
was published
for
actionpack
(RubyGems)
May 5, 2021
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
Denial of Service in Action Dispatch
High
CVE-2021-22902
was published
for
actionpack
(RubyGems)
May 5, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information
High
CVE-2021-31671
was published
for
pgsync
(RubyGems)
Apr 27, 2021
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth
High
CVE-2021-29435
was published
for
trestle-auth
(RubyGems)
Apr 13, 2021
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
Active Record subject to Regular Expression Denial-of-Service (ReDoS)
High
CVE-2021-22880
was published
for
activerecord
(RubyGems)
Mar 2, 2021
Code Injection vulnerability in CarrierWave::RMagick
High
CVE-2021-21305
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
Command Injection Vulnerability in Mechanize
High
CVE-2021-21289
was published
for
mechanize
(RubyGems)
Feb 2, 2021
omniauth-apple allows attacker to fake their email address during authentication
High
CVE-2020-26254
was published
for
omniauth-apple
(RubyGems)
Dec 8, 2020
Authorization bypass in Spree
High
CVE-2020-26223
was published
for
spree_api
(RubyGems)
Nov 13, 2020
Remote code execution in dependabot-core branch names when cloning
High
CVE-2020-26222
was published
for
dependabot-common
(RubyGems)
Nov 13, 2020
Regression in JWT Signature Validation
High
CVE-2020-15240
was published
for
omniauth-auth0
(RubyGems)
Nov 3, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
High
CVE-2020-15269
was published
for
spree
(RubyGems)
Oct 20, 2020
Moped Rubygem Data Injection Vulnerability
High
CVE-2015-4410
was published
for
moped
(RubyGems)
Aug 19, 2020
ProTip!
Advisories are also available from the
GraphQL API