Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

956 advisories

Loading
Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability Moderate
CVE-2019-10226 was published for fat_free_crm (RubyGems) May 24, 2022 withdrawn
steveyken
Credited to steveyken
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Publify vulnerable to cross site scripting Critical
CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022
Nokogiri Improperly Handles Unexpected Data Type High
CVE-2022-29181 was published for nokogiri (RubyGems) May 23, 2022
agustingianni decsecre583
Credited to agustingianni and decsecre583
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Integer Overflow or Wraparound in libxml2 affects Nokogiri High
GHSA-cgx6-hpwq-fhv5 was published for nokogiri (RubyGems) May 18, 2022
Publify vulnerable to DoS attack High
CVE-2014-3211 was published for publify_core (RubyGems) May 17, 2022
openshift-origin-node Improper Input Validation vulnerability Moderate
CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes Moderate
CVE-2008-7310 was published for spree (RubyGems) May 17, 2022
Spree uses a hardcoded hash value Moderate
CVE-2008-7311 was published for spree (RubyGems) May 17, 2022
Chef Improper Access Control vulnerability Moderate
CVE-2010-5142 was published for chef (RubyGems) May 17, 2022
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles Moderate
CVE-2013-2506 was published for spree_auth_devise (RubyGems) May 17, 2022
Katello uses hard coded credential Critical
CVE-2012-3503 was published for katello (RubyGems) May 17, 2022
postmodern
Credited to postmodern
Rack-Cache caches sensitive headers Moderate
CVE-2012-2671 was published for rack-cache (RubyGems) May 17, 2022
Rack Gem Subject to Denial of Service via Hash Collisions Moderate
CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems) May 17, 2022
Sup Code Injection vulnerability Moderate
CVE-2013-4478 was published for sup (RubyGems) May 17, 2022
Fat Free CRM has fixed token value Moderate
CVE-2013-7222 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information Moderate
CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022
RubyGems HTTPS to HTTP redirect Moderate
CVE-2012-2125 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
Credited to jasnow
RubyGems does not verify SSL certificate Moderate
CVE-2012-2126 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
Credited to jasnow
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml Low
CVE-2014-0135 was published for kafo (RubyGems) May 17, 2022
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed Moderate
CVE-2013-4489 was published for gitlab-grit (RubyGems) May 17, 2022
postmodern
Credited to postmodern
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database