GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
37 advisories
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate
CVE-2024-27285
was published
for
yard
(RubyGems)
Feb 28, 2024
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
CVE-2023-51447
was published
for
decidim
(RubyGems)
Feb 20, 2024
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Cross-site scripting (XSS) in Action messages on Avo
Moderate
CVE-2024-22411
was published
for
avo
(RubyGems)
Jan 17, 2024
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
Features file injection vulnerability
Moderate
CVE-2013-4318
was published
for
features
(RubyGems)
May 5, 2022
Doorkeeper is vulnerable to stored XSS and code execution
Moderate
CVE-2018-1000088
was published
for
doorkeeper
(RubyGems)
Mar 13, 2018
Field Test CSRF vulnerability
Moderate
CVE-2020-16252
was published
for
field_test
(RubyGems)
Aug 5, 2020
XSS Vulnerability in Action View tag helpers
Moderate
CVE-2022-27777
was published
for
actionview
(RubyGems)
Apr 27, 2022
Ability to change order address without triggering address validations in solidus
Moderate
CVE-2020-15109
was published
for
solidus_api
(RubyGems)
Aug 4, 2020
ProTip!
Advisories are also available from the
GraphQL API