GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
89 advisories
Filter by severity
A potential Denial of Service issue in protobuf-java
High
CVE-2021-22569
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Jan 7, 2022
CSRF forgery protection bypass in solidus_frontend
Moderate
CVE-2021-43846
was published
for
solidus_frontend
(RubyGems)
Jan 6, 2022
actionpack Open Redirect in Host Authorization Middleware
Moderate
CVE-2021-44528
was published
for
actionpack
(RubyGems)
Dec 14, 2021
Open Redirect in ActionPack
Moderate
CVE-2021-22942
was published
for
actionpack
(RubyGems)
Aug 26, 2021
Regular Expression Denial of Service in Addressable templates
High
CVE-2021-32740
was published
for
addressable
(RubyGems)
Jul 12, 2021
Insecure path handling in Bundler
High
CVE-2019-3881
was published
for
bundler
(RubyGems)
May 10, 2021
Possible Open Redirect Vulnerability in Action Pack
Moderate
CVE-2021-22903
was published
for
actionpack
(RubyGems)
May 5, 2021
Actionpack Open Redirect Vulnerability
Moderate
CVE-2021-22881
was published
for
actionpack
(RubyGems)
Mar 2, 2021
Backdoor / Malicious code
Critical
GHSA-q2hm-gx3f-h63q
was published
for
lita-coin
(RubyGems)
Feb 23, 2021
•
withdrawn
Remote code execution in dependabot-core branch names when cloning
High
CVE-2020-26222
was published
for
dependabot-common
(RubyGems)
Nov 13, 2020
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
Ability to change order address without triggering address validations in solidus
Moderate
CVE-2020-15109
was published
for
solidus_api
(RubyGems)
Aug 4, 2020
Unsafe object creation in json RubyGem
High
CVE-2020-10663
was published
for
json
(RubyGems)
Jul 27, 2020
Improper Restriction of Excessive Authentication Attempts in Sorcery
High
CVE-2020-11052
was published
for
sorcery
(RubyGems)
May 7, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
HTTP Response Splitting (Early Hints) in Puma
Moderate
CVE-2020-5249
was published
for
puma
(RubyGems)
Mar 3, 2020
HTTP Response Splitting in Puma
Moderate
CVE-2020-5247
was published
for
puma
(RubyGems)
Feb 28, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
Moderate
CVE-2020-5216
was published
for
secure_headers
(RubyGems)
Jan 23, 2020
Prototype Pollution in chartkick
High
CVE-2019-18841
was published
for
chartkick
(RubyGems)
Dec 2, 2019
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
High
CVE-2019-18409
was published
for
ruby_parser-legacy
(RubyGems)
Oct 25, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal
Low
CVE-2024-22050
was published
for
iodine
(RubyGems)
Oct 7, 2019
rest-client Gem Contains Malicious Code
Critical
CVE-2019-15224
was published
for
awesome-bot
(RubyGems)
Aug 20, 2019
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Critical
CVE-2019-13354
was published
for
strong_password
(RubyGems)
Jul 8, 2019
RubyGems Delete directory using symlink when decompressing tar
High
CVE-2019-8320
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
ProTip!
Advisories are also available from the
GraphQL API