Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

920 advisories

Loading
Doorkeeper subject to Incorrect Permission Assignment High
CVE-2018-1000211 was published for doorkeeper (RubyGems) Aug 13, 2018
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information Moderate
CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
Loofah Cross-site Scripting vulnerability Moderate
CVE-2018-16468 was published for loofah (RubyGems) Nov 1, 2018
private_address_check vulnerable to bypass of Resolv.getaddresses method Moderate
CVE-2017-0904 was published for private_address_check (RubyGems) Nov 29, 2017
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
Cross-site Scripting in Chartkick Moderate
CVE-2019-12732 was published for chartkick (RubyGems) Jun 7, 2019
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
HTTP Request Smuggling in reel High
CVE-2020-7659 was published for reel (RubyGems) May 24, 2021
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7578 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
paperclip Cross-site Scripting vulnerability Moderate
CVE-2015-2963 was published for paperclip (RubyGems) Oct 24, 2017
devise Time-of-check Time-of-use Race Condition vulnerability Moderate
CVE-2019-5421 was published for devise (RubyGems) Mar 19, 2019
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7580 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects Moderate
CVE-2016-4442 was published for rack-mini-profiler (RubyGems) Oct 24, 2017
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7579 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
Ruby-SAML Improper Authentication vulnerability High
CVE-2017-11428 was published for ruby-saml (RubyGems) Jul 5, 2019
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Cross-site Scripting in Sidekiq Moderate
CVE-2021-30151 was published for sidekiq (RubyGems) Oct 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database