GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
89 advisories
Filter by severity
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-75j2-9gmc-m855
was published
for
camaleon_cms
(RubyGems)
Sep 25, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-8fx8-3rg2-79xw
was published
for
camaleon_cms
(RubyGems)
Sep 23, 2024
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
High
CVE-2024-37031
was published
for
activeadmin
(RubyGems)
Jun 2, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
High
CVE-2024-32970
was published
for
phlex
(RubyGems)
May 1, 2024
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
High
CVE-2024-32463
was published
for
phlex
(RubyGems)
Apr 17, 2024
Cross-site Scripting in actionpack
Low
CVE-2022-3704
was published
for
actionpack
(RubyGems)
Oct 27, 2022
•
withdrawn
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Moderate
CVE-2024-27285
was published
for
yard
(RubyGems)
Feb 28, 2024
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
High
CVE-2024-28199
was published
for
phlex
(RubyGems)
Mar 12, 2024
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
CVE-2023-51447
was published
for
decidim
(RubyGems)
Feb 20, 2024
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
actionpack Open Redirect in Host Authorization Middleware
Moderate
CVE-2021-44528
was published
for
actionpack
(RubyGems)
Dec 14, 2021
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22792
was published
for
actionpack
(RubyGems)
Jan 18, 2023
SQL Injection Vulnerability via ActiveRecord comments
High
CVE-2023-22794
was published
for
activerecord
(RubyGems)
Jan 18, 2023
Open Redirect in ActionPack
Moderate
CVE-2021-22942
was published
for
actionpack
(RubyGems)
Aug 26, 2021
Cross-site scripting (XSS) in Action messages on Avo
Moderate
CVE-2024-22411
was published
for
avo
(RubyGems)
Jan 17, 2024
avo vulnerable to stored cross-site scripting (XSS) in key_value field
High
CVE-2024-22191
was published
for
avo
(RubyGems)
Jan 16, 2024
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
Malicious URL drafting attack against iodines static file server may allow path traversal
Low
CVE-2024-22050
was published
for
iodine
(RubyGems)
Oct 7, 2019
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
Potential CSV export data leak
High
CVE-2023-50448
was published
for
activeadmin
(RubyGems)
Dec 15, 2023
ProTip!
Advisories are also available from the
GraphQL API