GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
439 advisories
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate • CVE-2015-7578 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017

The rack-cors rubygem may allow directory traversal
Moderate • CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019

Cross-site Scripting in Chartkick
Moderate • CVE-2019-12732 was published for chartkick (RubyGems) Jun 7, 2019

Publify Core does not strip metadata from images
Moderate • CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023

private_address_check vulnerable to bypass of Resolv.getaddresses method
Moderate • CVE-2017-0904 was published for private_address_check (RubyGems) Nov 29, 2017

Loofah Cross-site Scripting vulnerability
Moderate • CVE-2018-16468 was published for loofah (RubyGems) Nov 1, 2018

Fat Free CRM subject to Cross-site Scripting
Moderate • CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022

Fat Free CRM vulnerable to Exposure of Sensitive Information
Moderate • CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022

Fat Free CRM vulnerable to SQL Injection
Moderate • CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022

Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Moderate • CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022

Fat Free CRM contains Cross-site Request Forgery vulnerabilities
Moderate • CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022

XML Injection in Xerces Java affects Nokogiri
Moderate • GHSA-xxx9-3xcr-gjj3 was published for nokogiri (RubyGems) Apr 11, 2022

Withdrawn: HTTP Request Smuggling in Agoo
Moderate • CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 • withdrawn

Moderate severity vulnerability that affects actionpack
Moderate • GHSA-m53f-rhq8-q6hf was published for actionpack (RubyGems) Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects actionpack
Moderate • GHSA-qf5x-qgx7-437h was published for actionpack (RubyGems) Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects sprockets
Moderate • GHSA-r4x3-g983-9g48 was published for sprockets (RubyGems) Oct 10, 2018 • withdrawn

Moderate severity vulnerability that affects paperclip
Moderate • GHSA-phmw-pv3f-vvx7 was published for paperclip (RubyGems) Aug 13, 2018 • withdrawn

Moderate severity vulnerability that affects web-console
Moderate • GHSA-82x2-g7vr-39wq was published for web-console (RubyGems) Aug 13, 2018 • withdrawn

CSS Injection in Chartkick gem
Moderate • CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020

Moderate severity vulnerability that affects actionpack
Moderate • GHSA-vwfg-qj3r-6v3r was published for actionpack (RubyGems) Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects doorkeeper
Moderate • GHSA-5p9f-55j8-922m was published for doorkeeper (RubyGems) Aug 13, 2018 • withdrawn

Moderate severity vulnerability that affects rails-html-sanitizer
Moderate • GHSA-mrhj-2g4v-39qx was published for rails-html-sanitizer (RubyGems) Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects rails-html-sanitizer
Moderate • GHSA-qc8j-m8j3-rjq6 was published for rails-html-sanitizer (RubyGems) Sep 17, 2018 • withdrawn

Moderate severity vulnerability that affects activerecord
Moderate • GHSA-m8h6-m9p5-p2f8 was published for activerecord (RubyGems) Aug 13, 2018 • withdrawn

Moderate severity vulnerability that affects rack
Moderate • GHSA-9vc2-p34x-jhxh was published for rack (RubyGems) Sep 17, 2018 • withdrawn
ProTip! Advisories are also available from the GraphQL API