Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25975 was published for publify_core (RubyGems) May 24, 2022
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql Moderate
CVE-2021-3779 was published for ruby-mysql (RubyGems) Jun 29, 2022
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2 Moderate
CVE-2023-25015 was published for clockwork_web (RubyGems) Feb 2, 2023
katello Cross-site Scripting vulnerability Moderate
CVE-2018-16887 was published for katello (RubyGems) May 14, 2022
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Improper Input Validation vulnerability Moderate
CVE-2018-1000077 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Cross-site Scripting vulnerability Moderate
CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
Use of Uninitialized Variable in trilogy Moderate
CVE-2022-31026 was published for trilogy (RubyGems) Jun 6, 2022
CSRF forgery protection bypass in solidus_frontend Moderate
CVE-2021-43846 was published for solidus_frontend (RubyGems) Jan 6, 2022
Ability to change order address without triggering address validations in solidus Moderate
CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020
mamhoff kennyadsl
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers Moderate
CVE-2020-5216 was published for secure_headers (RubyGems) Jan 23, 2020
HTTP Response Splitting in Puma Moderate
CVE-2020-5247 was published for puma (RubyGems) Feb 28, 2020
XSS Vulnerability in Action View tag helpers Moderate
CVE-2022-27777 was published for actionview (RubyGems) Apr 27, 2022
N3uRaL4Ca5t
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements Moderate
CVE-2023-23913 was published for actionview (RubyGems) Jun 9, 2023
Actionpack Open Redirect Vulnerability Moderate
CVE-2021-22881 was published for actionpack (RubyGems) Mar 2, 2021
Field Test CSRF vulnerability Moderate
CVE-2020-16252 was published for field_test (RubyGems) Aug 5, 2020
greysteil
Devise Token Auth vulnerable to Cross-site Scripting Moderate
CVE-2019-16751 was published for devise_token_auth (RubyGems) May 24, 2022
Doorkeeper is vulnerable to stored XSS and code execution Moderate
CVE-2018-1000088 was published for doorkeeper (RubyGems) Mar 13, 2018
tdunlap607
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
richardfan0606
Possible Open Redirect Vulnerability in Action Pack Moderate
CVE-2021-22903 was published for actionpack (RubyGems) May 5, 2021
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink Moderate
CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database