Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

956 advisories

Loading
Camaleon CMS Insufficient Session Expiration vulnerability High
CVE-2021-25970 was published for camaleon_cms (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25975 was published for publify_core (RubyGems) May 24, 2022
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
Camaleon CMS vulnerable to Uncaught Exception Moderate
CVE-2021-25971 was published for camaleon_cms (RubyGems) May 24, 2022
Camaleon CMS vulnerable to Server-Side Request Forgery Moderate
CVE-2021-25972 was published for camaleon_cms (RubyGems) May 24, 2022
apollo_upload_server has Denial of Service vulnerability Moderate
CVE-2021-39880 was published for apollo_upload_server (RubyGems) May 24, 2022
jasnow
Credited to jasnow
Nokogiri has vulnerable dependencies on libxml2 and libxslt High
CVE-2021-30560 was published for nokogiri (RubyGems) May 24, 2022
Smashing Cross-site Scripting vulnerability Moderate
CVE-2021-35440 was published for smashing (RubyGems) May 24, 2022
Nokogiri contains libxml Out-of-bounds Write vulnerability High
CVE-2021-3517 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri Implements libxml2 version vulnerable to use-after-free High
CVE-2021-3518 was published for nokogiri (RubyGems) May 24, 2022
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing Moderate
CVE-2021-3537 was published for nokogiri (RubyGems) May 24, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module High
CVE-2020-7385 was published for metasploit-framework (RubyGems) May 24, 2022
jasnow
Credited to jasnow
Gitaly Insufficient Session Expiration vulnerability Low
CVE-2020-13353 was published for gitaly (RubyGems) May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
decsecre583
Credited to decsecre583
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption High
CVE-2019-5815 was published for nokogiri (RubyGems) May 24, 2022
Katello cleartext password storage issue Low
CVE-2019-14825 was published for katello (RubyGems) May 24, 2022
Missing Initialization of Resource in Apache Arrow High
CVE-2019-12410 was published for pyarrow (RubyGems) May 24, 2022
Missing Initialization of Resource in Apache Arrow High
CVE-2019-12408 was published for pyarrow (RubyGems) May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability High
CVE-2019-18197 was published for nokogiri (RubyGems) May 24, 2022
Devise Token Auth vulnerable to Cross-site Scripting Moderate
CVE-2019-16751 was published for devise_token_auth (RubyGems) May 24, 2022
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation High
CVE-2019-7615 was published for elastic-apm (RubyGems) May 24, 2022
libxslt Type Confusion vulnerability that affects Nokogiri High
CVE-2019-13118 was published for nokogiri (RubyGems) May 24, 2022
Uninitialized read in Nokogiri gem High
CVE-2019-13117 was published for nokogiri (RubyGems) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database