GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-75j2-9gmc-m855
was published
for
camaleon_cms
(RubyGems)
Sep 25, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-8fx8-3rg2-79xw
was published
for
camaleon_cms
(RubyGems)
Sep 23, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate
CVE-2024-27285
was published
for
yard
(RubyGems)
Feb 28, 2024
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
CVE-2023-51447
was published
for
decidim
(RubyGems)
Feb 20, 2024
actionpack Open Redirect in Host Authorization Middleware
Moderate
CVE-2021-44528
was published
for
actionpack
(RubyGems)
Dec 14, 2021
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Open Redirect in ActionPack
Moderate
CVE-2021-22942
was published
for
actionpack
(RubyGems)
Aug 26, 2021
Cross-site scripting (XSS) in Action messages on Avo
Moderate
CVE-2024-22411
was published
for
avo
(RubyGems)
Jan 17, 2024
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
ActiveAdmin CSV Injection leading to sensitive information disclosure
Moderate
CVE-2023-51763
was published
for
activeadmin
(RubyGems)
Dec 28, 2023
HTTP Response Splitting (Early Hints) in Puma
Moderate
CVE-2020-5249
was published
for
puma
(RubyGems)
Mar 3, 2020
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Moderate
CVE-2014-5003
was published
for
ciborg
(RubyGems)
Jul 23, 2018
Possible Open Redirect Vulnerability in Action Pack
Moderate
CVE-2021-22903
was published
for
actionpack
(RubyGems)
May 5, 2021
Features file injection vulnerability
Moderate
CVE-2013-4318
was published
for
features
(RubyGems)
May 5, 2022
Doorkeeper is vulnerable to stored XSS and code execution
Moderate
CVE-2018-1000088
was published
for
doorkeeper
(RubyGems)
Mar 13, 2018
Devise Token Auth vulnerable to Cross-site Scripting
Moderate
CVE-2019-16751
was published
for
devise_token_auth
(RubyGems)
May 24, 2022
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
Actionpack Open Redirect Vulnerability
Moderate
CVE-2021-22881
was published
for
actionpack
(RubyGems)
Mar 2, 2021
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
Moderate
CVE-2023-23913
was published
for
actionview
(RubyGems)
Jun 9, 2023
XSS Vulnerability in Action View tag helpers
Moderate
CVE-2022-27777
was published
for
actionview
(RubyGems)
Apr 27, 2022
HTTP Response Splitting in Puma
Moderate
CVE-2020-5247
was published
for
puma
(RubyGems)
Feb 28, 2020
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers
Moderate
CVE-2020-5216
was published
for
secure_headers
(RubyGems)
Jan 23, 2020
Ability to change order address without triggering address validations in solidus
Moderate
CVE-2020-15109
was published
for
solidus_api
(RubyGems)
Aug 4, 2020
ProTip!
Advisories are also available from the
GraphQL API