GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
877 advisories
Filter by severity
Rails ActiveRecord gem vulnerable to SQL injection
High
CVE-2008-4094
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Improper Input Validation in actionpack
Moderate
CVE-2008-7248
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Rails activerecord gem has Improper Input Validation vulnerability
Moderate
CVE-2010-3933
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects rails
Moderate
CVE-2007-5379
was published
for
rails
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects rails
Moderate
CVE-2007-3227
was published
for
rails
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects thin
High
CVE-2009-3287
was published
for
thin
(RubyGems)
Oct 24, 2017
Moderate severity vulnerability that affects rails
Moderate
CVE-2009-4214
was published
for
rails
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects rails.
High
CVE-2006-4112
was published
for
rails
(RubyGems)
Oct 24, 2017
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
Cross site scripting that affects rails
Moderate
CVE-2009-3009
was published
for
actionpack
(RubyGems)
Oct 24, 2017
rails Cross-site Scripting vulnerability
Moderate
CVE-2011-2197
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Rails actionpack gem vulnerable to Cross-site Scripting
Moderate
CVE-2011-0446
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack and activesupport vulnerable to information leaks
Moderate
CVE-2009-3086
was published
for
actionpack
(RubyGems)
Oct 24, 2017
rails vulnerable to improper authentication
Critical
CVE-2009-2422
was published
for
rails
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-3187
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Puppet allows local users to overwrite arbitrary files via a symlink attack
Low
CVE-2012-1989
was published
for
puppet
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2011-2931
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Puppet supports use of IP addresses in certnames without warning of potential risks
Low
CVE-2012-3408
was published
for
puppet
(RubyGems)
Oct 24, 2017
Session fixation vulnerability in Rails
Moderate
CVE-2007-5380
was published
for
rails
(RubyGems)
Oct 24, 2017
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
actionpack Improper Authentication vulnerability
Moderate
CVE-2012-3424
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-1098
was published
for
activesupport
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2012-2695
was published
for
activerecord
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2011-2932
was published
for
activesupport
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API