Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

956 advisories

Loading
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
Sup Code Injection vulnerability Moderate
CVE-2013-4479 was published for sup (RubyGems) May 17, 2022
Karteek Docsplit vulnerable to OS Command Injection High
CVE-2013-1933 was published for karteek-docsplit (RubyGems) May 17, 2022
ccsv Double Free vulnerability Moderate
CVE-2017-15364 was published for ccsv (RubyGems) May 17, 2022
RubyGems Regular Expression Denial of Service Moderate
CVE-2013-4363 was published for rubygems-update (RubyGems) May 17, 2022
RubyGems Improper Input Validation vulnerability Moderate
CVE-2015-4020 was published for rubygems-update (RubyGems) May 17, 2022
jasnow
Credited to jasnow
Publify exposes article metadata Moderate
CVE-2022-1553 was published for publify_core (RubyGems) May 17, 2022
Publify Incorrect Authorization Moderate
CVE-2022-0574 was published for publify_core (RubyGems) May 17, 2022
Publify vulnerable to code injection Moderate
CVE-2022-0578 was published for publify_core (RubyGems) May 17, 2022
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file High
CVE-2014-4995 was published for VladTheEnterprising (RubyGems) May 14, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure High
CVE-2014-4991 was published for codders-dataset (RubyGems) May 14, 2022
jasnow
Credited to jasnow
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
Echor Ruby Gem credentials can be stolen via process table monitoring High
CVE-2014-1835 was published for echor (RubyGems) May 14, 2022
Echor contains Command Injection High
CVE-2014-1834 was published for echor (RubyGems) May 14, 2022
ldap_fluff authentication bypass Moderate
CVE-2012-5604 was published for ldap_fluff (RubyGems) May 14, 2022
Ember.js Cross-site Scripting vulnerability Moderate
CVE-2014-0013 was published for ember-source (RubyGems) May 14, 2022
xapian-core Cross-site Scripting vulnerability Moderate
CVE-2018-0499 was published for xapian-core (RubyGems) May 14, 2022
Fat Free CRM Cross-Site Request Forgery vulnerability Moderate
CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022
tdunlap607
Credited to tdunlap607
Spree allows remote attackers to obtain sensitive information Moderate
CVE-2010-3978 was published for spree (RubyGems) May 14, 2022
ember-source Cross-site Scripting vulnerability Moderate
CVE-2014-0014 was published for ember-source (RubyGems) May 14, 2022
tdunlap607
Credited to tdunlap607
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-15412 was published for nokogiri (RubyGems) May 14, 2022
espen mattyr
flavorjones staticintlucas thomasthaddeus BaerMitUmlaut dlackty
Credited to espen, mattyr, flavorjones, staticintlucas, thomasthaddeus, BaerMitUmlaut, and dlackty
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database