GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
877 advisories
Filter by severity
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2023-27531
was published
for
kredis
(RubyGems)
Jun 9, 2023
RedCloth Regular Expression Denial of Service issue
High
CVE-2023-31606
was published
for
RedCloth
(RubyGems)
Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
High
CVE-2023-34103
was published
for
avo
(RubyGems)
Jun 6, 2023
ruby-saml vulnerable to XPath injection
Critical
CVE-2015-20108
was published
for
ruby-saml
(RubyGems)
May 27, 2023
Server-Side Template Injection in Camaleon CMS
Critical
CVE-2023-30145
was published
for
camaleon_cms
(RubyGems)
May 26, 2023
Race Condition leading to logging errors
Low
CVE-2024-22047
was published
for
audited
(RubyGems)
May 1, 2023
Buffer overflow in sponge queue functions
Critical
CVE-2022-37454
was published
for
pysha3
(RubyGems)
Apr 26, 2023
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Low
CVE-2023-30618
was published
for
kitchen-terraform
(RubyGems)
Apr 24, 2023
sidekiq vulnerable to cross-site scripting
High
CVE-2023-1892
was published
for
sidekiq
(RubyGems)
Apr 21, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
High
CVE-2023-30614
was published
for
pay
(RubyGems)
Apr 20, 2023
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Moderate
GHSA-48wp-p9qv-4j64
was published
for
commonmarker
(RubyGems)
Apr 11, 2023
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Moderate
GHSA-pxvg-2qj5-37jq
was published
for
nokogiri
(RubyGems)
Apr 11, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
Fluent Fluentd and Fluent-ui use default password
High
CVE-2020-21514
was published
for
fluentd
(RubyGems)
Apr 4, 2023
unpoly-rails Denial of Service vulnerability
Moderate
CVE-2023-28846
was published
for
unpoly-rails
(RubyGems)
Mar 30, 2023
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Moderate
CVE-2014-4920
was published
for
twitter-bootstrap-rails
(RubyGems)
Mar 16, 2023
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Moderate
CVE-2023-28120
was published
for
activesupport
(RubyGems)
Mar 15, 2023
Rack has possible DoS Vulnerability in Multipart MIME parsing
High
CVE-2023-27530
was published
for
rack
(RubyGems)
Mar 8, 2023
Code injection in pdf_info
Critical
CVE-2022-36231
was published
for
pdf_info
(RubyGems)
Feb 24, 2023
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
High
CVE-2023-0669
was published
for
metasploit-framework
(RubyGems)
Feb 6, 2023
•
withdrawn
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
ProTip!
Advisories are also available from the
GraphQL API