GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-75j2-9gmc-m855
was published
for
camaleon_cms
(RubyGems)
Sep 25, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-8fx8-3rg2-79xw
was published
for
camaleon_cms
(RubyGems)
Sep 23, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate
CVE-2024-27285
was published
for
yard
(RubyGems)
Feb 28, 2024
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
CVE-2023-51447
was published
for
decidim
(RubyGems)
Feb 20, 2024
Cross-site scripting (XSS) in Action messages on Avo
Moderate
CVE-2024-22411
was published
for
avo
(RubyGems)
Jan 17, 2024
ActiveAdmin CSV Injection leading to sensitive information disclosure
Moderate
CVE-2023-51763
was published
for
activeadmin
(RubyGems)
Dec 28, 2023
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
Moderate
CVE-2023-23913
was published
for
actionview
(RubyGems)
Jun 9, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Moderate
CVE-2021-3779
was published
for
ruby-mysql
(RubyGems)
Jun 29, 2022
Use of Uninitialized Variable in trilogy
Moderate
CVE-2022-31026
was published
for
trilogy
(RubyGems)
Jun 6, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability
Moderate
CVE-2021-25969
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Cross site scripting in publify
Moderate
CVE-2021-25975
was published
for
publify_core
(RubyGems)
May 24, 2022
Devise Token Auth vulnerable to Cross-site Scripting
Moderate
CVE-2019-16751
was published
for
devise_token_auth
(RubyGems)
May 24, 2022
RubyGems Path Traversal vulnerability
Moderate
CVE-2018-1000079
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
katello Cross-site Scripting vulnerability
Moderate
CVE-2018-16887
was published
for
katello
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2018-1000077
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems Cross-site Scripting vulnerability
Moderate
CVE-2018-1000078
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Features file injection vulnerability
Moderate
CVE-2013-4318
was published
for
features
(RubyGems)
May 5, 2022
XSS Vulnerability in Action View tag helpers
Moderate
CVE-2022-27777
was published
for
actionview
(RubyGems)
Apr 27, 2022
CSRF forgery protection bypass in solidus_frontend
Moderate
CVE-2021-43846
was published
for
solidus_frontend
(RubyGems)
Jan 6, 2022
actionpack Open Redirect in Host Authorization Middleware
Moderate
CVE-2021-44528
was published
for
actionpack
(RubyGems)
Dec 14, 2021
Open Redirect in ActionPack
Moderate
CVE-2021-22942
was published
for
actionpack
(RubyGems)
Aug 26, 2021
ProTip!
Advisories are also available from the
GraphQL API