Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

956 advisories

Loading
PDFKit vulnerable to Command Injection Critical
CVE-2022-25765 was published for pdfkit (RubyGems) Sep 10, 2022
wonda-tea-coffee kiafaldorius
Credited to wonda-tea-coffee and kiafaldorius
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value Critical
CVE-2020-36599 was published for omniauth (RubyGems) Aug 19, 2022
gsimoesr
Credited to gsimoesr
update_by_case before 0.1.3 can be vulnerable to sql injection Moderate
CVE-2022-35956 was published for update_by_case (RubyGems) Aug 11, 2022
administrate vulnerable to Cross-Site Request Forgery Moderate
CVE-2016-3098 was published for administrate (RubyGems) Aug 6, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files High
CVE-2022-31163 was published for tzinfo (RubyGems) Jul 21, 2022
kratob
Credited to kratob
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label Moderate
CVE-2022-31160 was published for jQuery.UI.Combined (RubyGems) Jul 18, 2022
Elkano c960657
Borzik
Credited to Elkano, c960657, and Borzik
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog Moderate
CVE-2020-35305 was published for gollum (RubyGems) Jul 16, 2022
Active Record RCE bug with Serialized Columns Critical
CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization High
CVE-2022-31115 was published for opensearch-ruby (RubyGems) Jul 5, 2022
tdunlap607
Credited to tdunlap607
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data Moderate
CVE-2013-4170 was published for ember-source (RubyGems) Jul 1, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Credited to BenK0lin
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql Moderate
CVE-2021-3779 was published for ruby-mysql (RubyGems) Jun 29, 2022
Rails::Html::Sanitizer vulnerable to Cross-site Scripting Moderate
CVE-2022-32209 was published for rails-html-sanitizer (RubyGems) Jun 25, 2022
tdunlap607
Credited to tdunlap607
Improper handling of double quotes in file name in Diffy in Windows environment Critical
CVE-2022-33127 was published for diffy (RubyGems) Jun 24, 2022
Octokit gem published with world-writable files Low
CVE-2022-31072 was published for octokit (RubyGems) Jun 15, 2022
Octopoller gem published with world-writable files Low
CVE-2022-31071 was published for octopoller (RubyGems) Jun 15, 2022
Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect Moderate
CVE-2022-31033 was published for mechanize (RubyGems) Jun 9, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
Credited to plygrnd and tdunlap607
Use of Uninitialized Variable in trilogy Moderate
CVE-2022-31026 was published for trilogy (RubyGems) Jun 6, 2022
Arbitrary file write in dragonfly Critical
CVE-2021-33473 was published for dragonfly (RubyGems) Jun 3, 2022
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend Low
CVE-2022-31000 was published for solidus_backend (RubyGems) Jun 1, 2022
Denial of Service Vulnerability in Rack Multipart Parsing High
CVE-2022-30122 was published for rack (RubyGems) May 27, 2022
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
Credited to kurt-r2c
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25974 was published for publify_core (RubyGems) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database