GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Doorkeeper is vulnerable to stored XSS and code execution
Moderate
CVE-2018-1000088
was published
for
doorkeeper
(RubyGems)
Mar 13, 2018
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Moderate
CVE-2014-5003
was published
for
ciborg
(RubyGems)
Jul 23, 2018
Content Injection via TileJSON attribute in mapbox.js
Moderate
CVE-2017-1000042
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js
Moderate
CVE-2017-1000043
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
Moderate
CVE-2020-5216
was published
for
secure_headers
(RubyGems)
Jan 23, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
HTTP Response Splitting in Puma
Moderate
CVE-2020-5247
was published
for
puma
(RubyGems)
Feb 28, 2020
HTTP Response Splitting (Early Hints) in Puma
Moderate
CVE-2020-5249
was published
for
puma
(RubyGems)
Mar 3, 2020
Ability to change order address without triggering address validations in solidus
Moderate
CVE-2020-15109
was published
for
solidus_api
(RubyGems)
Aug 4, 2020
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
Actionpack Open Redirect Vulnerability
Moderate
CVE-2021-22881
was published
for
actionpack
(RubyGems)
Mar 2, 2021
Possible Open Redirect Vulnerability in Action Pack
Moderate
CVE-2021-22903
was published
for
actionpack
(RubyGems)
May 5, 2021
Open Redirect in ActionPack
Moderate
CVE-2021-22942
was published
for
actionpack
(RubyGems)
Aug 26, 2021
actionpack Open Redirect in Host Authorization Middleware
Moderate
CVE-2021-44528
was published
for
actionpack
(RubyGems)
Dec 14, 2021
CSRF forgery protection bypass in solidus_frontend
Moderate
CVE-2021-43846
was published
for
solidus_frontend
(RubyGems)
Jan 6, 2022
XSS Vulnerability in Action View tag helpers
Moderate
CVE-2022-27777
was published
for
actionview
(RubyGems)
Apr 27, 2022
Features file injection vulnerability
Moderate
CVE-2013-4318
was published
for
features
(RubyGems)
May 5, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2018-1000077
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems Cross-site Scripting vulnerability
Moderate
CVE-2018-1000078
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
katello Cross-site Scripting vulnerability
Moderate
CVE-2018-16887
was published
for
katello
(RubyGems)
May 14, 2022
RubyGems Path Traversal vulnerability
Moderate
CVE-2018-1000079
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Devise Token Auth vulnerable to Cross-site Scripting
Moderate
CVE-2019-16751
was published
for
devise_token_auth
(RubyGems)
May 24, 2022
Cross site scripting in publify
Moderate
CVE-2021-25975
was published
for
publify_core
(RubyGems)
May 24, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability
Moderate
CVE-2021-25969
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Use of Uninitialized Variable in trilogy
Moderate
CVE-2022-31026
was published
for
trilogy
(RubyGems)
Jun 6, 2022
ProTip!
Advisories are also available from the
GraphQL API