Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

306 advisories

Loading
WEBrick RCE Vulnerability High
CVE-2017-10784 was published for webrick (RubyGems) May 14, 2022
brent-yearone drewblas
leviem1 orien aramprice intrigus-lgtm alagos longkt90 ChrisBAshton potsbo libussa
Ruby OpenSSL DoS Vulnerability High
CVE-2017-14033 was published for openssl (RubyGems) May 14, 2022
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
Fileutils Command Injection vulnerability High
CVE-2013-2516 was published for fileutils (RubyGems) May 14, 2022
Phusion Passenger Race Condition Allows Privilege Escalation High
CVE-2018-12029 was published for passenger (RubyGems) May 14, 2022
Katello SQL Injection vulnerabilities High
CVE-2016-3072 was published for katello (RubyGems) May 14, 2022
RubyGems vulnerable to DNS hijack attack High
CVE-2015-3900 was published for rubygems-update (RubyGems) May 14, 2022
RubyGems Improper Input Validation vulnerability High
CVE-2017-0900 was published for rubygems-update (RubyGems) May 14, 2022
RubyGems Deserialization of Untrusted Data vulnerability High
CVE-2018-1000074 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Elasticsearch Logstash allows remote attackers to execute arbitrary commands High
CVE-2014-4326 was published for logstash (RubyGems) May 14, 2022
postmodern tdeo
Logstash Logs Sensitive Information High
CVE-2016-1000221 was published for logstash-core (RubyGems) May 14, 2022
Asciidoctor Infinite Loop vulnerability High
CVE-2018-18385 was published for asciidoctor (RubyGems) May 13, 2022
Insecure Permissions in Phusion Passenger High
CVE-2018-12027 was published for passenger (RubyGems) May 13, 2022
Incorrect Access Control in Phusion Passenger High
CVE-2018-12028 was published for passenger (RubyGems) May 13, 2022
RubyGems Infinite Loop vulnerability High
CVE-2018-1000075 was published for org.jruby:jruby-stdlib (RubyGems) May 13, 2022
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems has Origin Validation Error vulnerability High
CVE-2017-0902 was published for rubygems-update (RubyGems) May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Gem in a Box vulnerable to Cross-site Request Forgery High
CVE-2017-14683 was published for geminabox (RubyGems) May 13, 2022
RubyGems Link Following vulnerability High
CVE-2018-1000073 was published for org.jruby:jruby-stdlib (RubyGems) May 13, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution High
CVE-2015-3649 was published for open-uri-cached (RubyGems) May 13, 2022
mixlib-archive Path Traversal vulnerability High
CVE-2017-1000026 was published for mixlib-archive (RubyGems) May 13, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-16932 was published for nokogiri (RubyGems) May 13, 2022
omniauth-facebook Improper Authentication vulnerability High
CVE-2013-4593 was published for omniauth-facebook (RubyGems) May 5, 2022
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database