GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

309 advisories

Tempfile on Windows path traversal vulnerability High
CVE-2021-28966 was published for tmpdir (RubyGems) May 6, 2021
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
omniauth-facebook Improper Authentication vulnerability High
CVE-2013-4593 was published for omniauth-facebook (RubyGems) May 5, 2022
Prototype Pollution in chartkick High
CVE-2019-18841 was published for chartkick (RubyGems) Dec 2, 2019
HTTP Request Smuggling in goliath High
CVE-2020-7671 was published for goliath (RubyGems) May 24, 2021
Denial of service in sidekiq High
CVE-2022-23837 was published for sidekiq (RubyGems) Jan 27, 2022
A potential Denial of Service issue in protobuf-java High
CVE-2021-22569 was published for com.google.protobuf:protobuf-java (RubyGems) Jan 7, 2022
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox High
CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Ruby-SAML Improper Authentication vulnerability High
CVE-2017-11428 was published for ruby-saml (RubyGems) Jul 5, 2019
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
HTTP Request Smuggling in reel High
CVE-2020-7659 was published for reel (RubyGems) May 24, 2021
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
Doorkeeper subject to Incorrect Permission Assignment High
CVE-2018-1000211 was published for doorkeeper (RubyGems) Aug 13, 2018
private_address_check contains Incomplete List of Disallowed Inputs High
CVE-2017-0909 was published for private_address_check (RubyGems) Nov 30, 2017
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
Integer Overflow or Wraparound in libxml2 affects Nokogiri High
GHSA-cgx6-hpwq-fhv5 was published for nokogiri (RubyGems) May 18, 2022
Out-of-bounds Write in zlib affects Nokogiri High
GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) Apr 11, 2022
Denial of Service (DoS) in Nokogiri on JRuby High
GHSA-gx8x-g87m-h5q6 was published for nokogiri (RubyGems) Apr 11, 2022
Vulnerable dependencies in Nokogiri High
GHSA-fq42-c5rg-92c2 was published for nokogiri (RubyGems) Feb 25, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection High
GHSA-wrrw-crp8-979q was published for pageflow (RubyGems) Sep 15, 2022