Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
Directory traversal vulnerability in RubyZip Critical
CVE-2017-5946 was published for rubyzip (RubyGems) Oct 24, 2017
tdunlap607
Local API Login Credentials Disclosure in paratrooper-pingdom Low
CVE-2014-1233 was published for paratrooper-pingdom (RubyGems) Oct 24, 2017
Doorkeeper is vulnerable to stored XSS and code execution Moderate
CVE-2018-1000088 was published for doorkeeper (RubyGems) Mar 13, 2018
tdunlap607
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink Moderate
CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018
Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request High
CVE-2017-11173 was published for rack-cors (RubyGems) Jul 31, 2018
High severity vulnerability that affects rubyzip High
GHSA-3q5q-f79q-7hr2 was published for rubyzip (RubyGems) Jul 31, 2018 withdrawn
active-support impersonates 'activesupport' gem Critical
CVE-2018-3779 was published for active-support (RubyGems) Aug 13, 2018
Git-fastclone passes user modifiable strings directly to a shell command Critical
CVE-2015-8969 was published for git-fastclone (RubyGems) Aug 15, 2018
Rubyzip gem contains a Directory Traversal vulnerability in zip file component Critical
CVE-2018-1000544 was published for rubyzip (RubyGems) Sep 6, 2018
Denial of service or RCE from libxml2 and libxslt High
CVE-2015-8806 was published for nokogiri (RubyGems) Sep 17, 2018
smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature Critical
CVE-2018-14643 was published for smart_proxy_dynflow (RubyGems) Oct 8, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Bootstrap-sass contains code execution backdoor Critical
CVE-2019-10842 was published for bootstrap-sass (RubyGems) Apr 4, 2019
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability Critical
CVE-2019-13354 was published for strong_password (RubyGems) Jul 8, 2019
rest-client Gem Contains Malicious Code Critical
CVE-2019-15224 was published for awesome-bot (RubyGems) Aug 20, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource High
CVE-2019-18409 was published for ruby_parser-legacy (RubyGems) Oct 25, 2019
Prototype Pollution in chartkick High
CVE-2019-18841 was published for chartkick (RubyGems) Dec 2, 2019
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers Moderate
CVE-2020-5216 was published for secure_headers (RubyGems) Jan 23, 2020
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
HTTP Response Splitting in Puma Moderate
CVE-2020-5247 was published for puma (RubyGems) Feb 28, 2020
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database