GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
89 advisories
Filter by severity
Backdoor / Malicious code
Critical
GHSA-q2hm-gx3f-h63q
was published
for
lita-coin
(RubyGems)
Feb 23, 2021
•
withdrawn
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
High severity vulnerability that affects rubyzip
High
GHSA-3q5q-f79q-7hr2
was published
for
rubyzip
(RubyGems)
Jul 31, 2018
•
withdrawn
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
A potential Denial of Service issue in protobuf-java
High
CVE-2021-22569
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Jan 7, 2022
Prototype Pollution in chartkick
High
CVE-2019-18841
was published
for
chartkick
(RubyGems)
Dec 2, 2019
Camaleon CMS Stored Cross-site Scripting vulnerability
Moderate
CVE-2021-25969
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Cross site scripting in publify
Moderate
CVE-2021-25975
was published
for
publify_core
(RubyGems)
May 24, 2022
Octokit gem published with world-writable files
Low
CVE-2022-31072
was published
for
octokit
(RubyGems)
Jun 15, 2022
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Moderate
CVE-2021-3779
was published
for
ruby-mysql
(RubyGems)
Jun 29, 2022
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
High
CVE-2022-39224
was published
for
arr-pm
(RubyGems)
Sep 21, 2022
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
katello Cross-site Scripting vulnerability
Moderate
CVE-2018-16887
was published
for
katello
(RubyGems)
May 14, 2022
RubyGems Code Injection vulnerability
Critical
CVE-2017-0899
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems may allow a maliciously crafted gem to overwrite files
High
CVE-2017-0901
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems Path Traversal vulnerability
Moderate
CVE-2018-1000079
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2018-1000077
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems Cross-site Scripting vulnerability
Moderate
CVE-2018-1000078
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
High
CVE-2017-0900
was published
for
rubygems-update
(RubyGems)
May 14, 2022
Content Injection via TileJSON Name in mapbox.js
Moderate
CVE-2017-1000043
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js
Moderate
CVE-2017-1000042
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
Regular Expression Denial of Service in Addressable templates
High
CVE-2021-32740
was published
for
addressable
(RubyGems)
Jul 12, 2021
Use of Uninitialized Variable in trilogy
Moderate
CVE-2022-31026
was published
for
trilogy
(RubyGems)
Jun 6, 2022
CSRF forgery protection bypass in solidus_frontend
Moderate
CVE-2021-43846
was published
for
solidus_frontend
(RubyGems)
Jan 6, 2022
ProTip!
Advisories are also available from the
GraphQL API