GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
956 advisories
sidekiq Denial of Service vulnerability
Moderate
CVE-2023-26141
was published
for
sidekiq
(RubyGems)
Sep 14, 2023
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
High
CVE-2023-4785
was published
for
grpc
(RubyGems)
Sep 13, 2023
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2023-38697
was published
for
protocol-http1
(RubyGems)
Aug 3, 2023
Decidim Cross-site Scripting vulnerability in the external link redirections
Moderate
CVE-2023-32693
was published
for
decidim
(RubyGems)
Jul 11, 2023
Decidim Cross-site Scripting vulnerability in the processes filter
High
CVE-2023-34089
was published
for
decidim
(RubyGems)
Jul 11, 2023
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
gRPC connection termination issue
Moderate
CVE-2023-32732
was published
for
grpc
(RubyGems)
Jul 6, 2023
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
High
CVE-2023-36823
was published
for
sanitize
(RubyGems)
Jul 6, 2023
URI gem has ReDoS vulnerability
Moderate
CVE-2023-36617
was published
for
uri
(RubyGems)
Jun 29, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Doorkeeper Improper Authentication vulnerability
Moderate
CVE-2023-34246
was published
for
doorkeeper
(RubyGems)
Jun 12, 2023
RedCloth Regular Expression Denial of Service issue
High
CVE-2023-31606
was published
for
RedCloth
(RubyGems)
Jun 6, 2023
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
High
CVE-2023-34103
was published
for
avo
(RubyGems)
Jun 6, 2023
ProTip!
Advisories are also available from the
GraphQL API