Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
High severity vulnerability that affects rubyzip High
GHSA-3q5q-f79q-7hr2 was published for rubyzip (RubyGems) Jul 31, 2018 withdrawn
A potential Denial of Service issue in protobuf-java High
CVE-2021-22569 was published for com.google.protobuf:protobuf-java (RubyGems) Jan 7, 2022
Prototype Pollution in chartkick High
CVE-2019-18841 was published for chartkick (RubyGems) Dec 2, 2019
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm. High
CVE-2022-39224 was published for arr-pm (RubyGems) Sep 21, 2022
joernchen
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems Improper Input Validation vulnerability High
CVE-2017-0900 was published for rubygems-update (RubyGems) May 14, 2022
Regular Expression Denial of Service in Addressable templates High
CVE-2021-32740 was published for addressable (RubyGems) Jul 12, 2021
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module High
CVE-2020-7385 was published for metasploit-framework (RubyGems) May 24, 2022
jasnow
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Denial of service or RCE from libxml2 and libxslt High
CVE-2015-8806 was published for nokogiri (RubyGems) Sep 17, 2018
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Incorrect Access Control in Phusion Passenger High
CVE-2018-12028 was published for passenger (RubyGems) May 13, 2022
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource High
CVE-2019-18409 was published for ruby_parser-legacy (RubyGems) Oct 25, 2019
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Unsafe object creation in json RubyGem High
CVE-2020-10663 was published for json (RubyGems) Jul 27, 2020
Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request High
CVE-2017-11173 was published for rack-cors (RubyGems) Jul 31, 2018
Remote code execution in dependabot-core branch names when cloning High
CVE-2020-26222 was published for dependabot-common (RubyGems) Nov 13, 2020
mrthankyou
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content High
CVE-2023-36823 was published for sanitize (RubyGems) Jul 6, 2023
cure53
Potential CSV export data leak High
CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023
emilong
avo vulnerable to stored cross-site scripting (XSS) in key_value field High
CVE-2024-22191 was published for avo (RubyGems) Jan 16, 2024
Mys7ic FLX-0x00
tamaloa
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
SQL Injection Vulnerability via ActiveRecord comments High
CVE-2023-22794 was published for activerecord (RubyGems) Jan 18, 2023
kurt-r2c
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex High
CVE-2024-28199 was published for phlex (RubyGems) Mar 12, 2024
p8 joeldrapper
willcosgrove
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database