Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

306 advisories

Loading
Improper Certificate Validation in kubeclient High
CVE-2022-0759 was published for kubeclient (RubyGems) Mar 26, 2022
tdunlap607
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component High
CVE-2022-24722 was published for view_component (RubyGems) Mar 2, 2022
ReDos vulnerability on guest checkout email validation High
CVE-2021-43805 was published for solidus_core (RubyGems) Dec 7, 2021
agustingianni nickrolfe
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
tomekr aj-hall
utkanos
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Morantron
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module High
CVE-2020-7385 was published for metasploit-framework (RubyGems) May 24, 2022
jasnow
actionpack allows remote attackers to bypass intended access restrictions High
CVE-2011-0449 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
Authentication and extension bypass in Faye High
CVE-2020-11020 was published for faye (RubyGems) Apr 29, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma High
CVE-2020-11076 was published for puma (RubyGems) May 22, 2020
ZeddYu
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Regular Expression Denial of Service in websocket-extensions (RubyGem) High
CVE-2020-7663 was published for websocket-extensions (RubyGems) Jun 5, 2020
Cross-site Scripting in Sanitize High
CVE-2020-4054 was published for sanitize (RubyGems) Jun 16, 2020
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
Puma's Keepalive Connections Causing Denial Of Service High
CVE-2021-29509 was published for puma (RubyGems) May 18, 2021
MSP-Greg wjordan
ioquatix
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
Missing TLS certificate verification High
CVE-2020-15134 was published for faye (RubyGems) Jul 31, 2020
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation High
CVE-2020-7595 was published for nokogiri (RubyGems) Feb 24, 2020
Phusion Passenger uses a known /tmp filename High
CVE-2016-10345 was published for passenger (RubyGems) Aug 21, 2018
Uninitialized read in Nokogiri gem High
CVE-2019-13117 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-16932 was published for nokogiri (RubyGems) May 13, 2022
Nokogiri affected by zlib's Out-of-bounds Write vulnerability High
CVE-2018-25032 was published for nokogiri (RubyGems) Mar 26, 2022
Insecure Permissions in Phusion Passenger High
CVE-2018-12027 was published for passenger (RubyGems) May 13, 2022
Echor contains Command Injection High
CVE-2014-1834 was published for echor (RubyGems) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database