
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

956 advisories

Nokogiri vulnerable to libxslt protection mechanism bypass Critical
CVE-2019-11068 was published for nokogiri (RubyGems) May 13, 2022
RubyGems Link Following vulnerability High
CVE-2018-1000073 was published for org.jruby:jruby-stdlib (RubyGems) May 13, 2022
smalruby and smalruby-editor vulnerable to OS Command Injection Critical
CVE-2017-2096 was published for smalruby (RubyGems) May 13, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution High
CVE-2015-3649 was published for open-uri-cached (RubyGems) May 13, 2022
mixlib-archive Path Traversal vulnerability High
CVE-2017-1000026 was published for mixlib-archive (RubyGems) May 13, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
Credited to jhutchings1, stof, Churro, tdunlap607, and jenhae
Fluentd Escape Sequence Injection Vulnerability Critical
CVE-2017-10906 was published for fluentd (RubyGems) May 13, 2022
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
Camaleon CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2018-18260 was published for camaleon_cms (RubyGems) May 13, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-16932 was published for nokogiri (RubyGems) May 13, 2022
Bundler may install gems from a different source than expected Moderate
CVE-2013-0334 was published for bundler (RubyGems) May 5, 2022
Credited to jasnow
Rack arbitrary code execution via timing attack Moderate
CVE-2013-0263 was published for rack (RubyGems) May 5, 2022
Credited to jhutchings1
Rack vulnerable to Denial of Service Moderate
CVE-2013-0184 was published for rack (RubyGems) May 5, 2022
PDFKit Improper Input Validation vulnerability Critical
CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
Credited to richardfan0606
omniauth-facebook Improper Authentication vulnerability High
CVE-2013-4593 was published for omniauth-facebook (RubyGems) May 5, 2022
RubyGem openshift-origin-controller is vulnerable to command injection Critical
CVE-2013-2095 was published for openshift-origin-controller (RubyGems) May 5, 2022
Nokogiri vulnerable to DoS while parsing XML documents Moderate
CVE-2013-6460 was published for nokogiri (RubyGems) May 5, 2022
Credited to jasnow
Nokogiri vulnerable to DoS while parsing XML entities Moderate
CVE-2013-6461 was published for nokogiri (RubyGems) May 5, 2022
Credited to jasnow
CSV-Safe improperly filters special characters potentially leading to CSV injection Critical
CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022
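The csv-safe entry above names the general bug class, CSV (formula) injection: a cell whose first non-blank character is `=`, `+`, `-` or `@` is evaluated as a formula by spreadsheet applications that open the exported file. The following Ruby snippet is an added illustration of that class written for this page; it is not csv-safe's code and does not describe the specific defect behind CVE-2022-28481. It contrasts a verbatim CSV export with one that neutralises formula-like cells, and the `NUMERIC` exemption and the sample rows are the author's own assumptions.

```ruby
require 'csv'

# First non-blank characters that make common spreadsheet applications
# treat a cell as a formula rather than as text.
FORMULA_TRIGGERS = ['=', '+', '-', '@'].freeze

# Assumption for this example: plain signed numbers such as "-5" or "+3.25"
# are data, not formulas, and should keep importing as numbers.
NUMERIC = /\A[+-]?\d+(\.\d+)?\z/

# True when a string cell would be evaluated as a formula. Leading whitespace
# is skipped for the check because spreadsheets ignore it too.
def formula_like?(value)
  return false unless value.is_a?(String)
  return false if value.match?(NUMERIC)
  FORMULA_TRIGGERS.include?(value.lstrip[0])
end

# Prefix a leading single quote, which spreadsheet applications read as a
# "treat this cell as literal text" marker. The original value is preserved.
def sanitize_cell(value)
  formula_like?(value) ? "'#{value}" : value
end

# Vulnerable export: attacker-controlled fields (a display name, a comment)
# are written verbatim and become live formulas when the file is opened.
def to_unsafe_csv(rows)
  CSV.generate { |csv| rows.each { |row| csv << row } }
end

# Hardened export: every cell is neutralised before it reaches the writer.
# The CSV library still handles quoting of separators and quote characters.
def to_safe_csv(rows)
  CSV.generate do |csv|
    rows.each { |row| csv << row.map { |cell| sanitize_cell(cell) } }
  end
end

# Constructed sample rows for this example.
SAMPLE_ROWS = [
  ['user', 'balance', 'note'],
  ['alice', '-5', 'regular customer'],
  ['mallory', '0', '=HYPERLINK("https://example.invalid/","open me")']
].freeze

if __FILE__ == $PROGRAM_NAME
  puts 'unsafe:'
  puts to_unsafe_csv(SAMPLE_ROWS)
  puts 'safe:'
  puts to_safe_csv(SAMPLE_ROWS)
end
```

The single-quote prefix changes the stored value, so consumers that read the CSV back programmatically need to strip it; an alternative that keeps round-tripping intact is to reject formula-like input at the point it enters the system.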
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
WEBrick Denial of Service Vulnerability High
CVE-2008-4310 was published for webrick (RubyGems) May 2, 2022
Mongrel vulnerable to directory traversal via double-encoded sequences Moderate
CVE-2007-6612 was published for mongrel (RubyGems) May 1, 2022
Advisories are also available from the GraphQL API.
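As an added example (not code from GitHub or from this page), the Ruby script below fetches RubyGems advisories through that GraphQL API and renders them in the same "identifier was published for package (RubyGems) date" shape as the listing above. The query uses the public schema's `securityVulnerabilities` connection and its `advisory` and `package` fields; the `GITHUB_TOKEN` environment variable, the `ECOSYSTEM_LABELS` map and the `SAMPLE_RESPONSE` payload (which mirrors two entries from this listing, with a placeholder GHSA id) are assumptions made for the example so it also runs offline.

```ruby
require 'json'
require 'net/http'
require 'time'
require 'uri'

# One securityVulnerabilities node per (advisory, package) pair, scoped to
# the RubyGems ecosystem. Field names follow GitHub's public GraphQL schema.
ADVISORY_QUERY = <<~GRAPHQL
  query($first: Int!, $after: String) {
    securityVulnerabilities(ecosystem: RUBYGEMS, first: $first, after: $after) {
      pageInfo { hasNextPage endCursor }
      nodes {
        package { ecosystem name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
        advisory {
          ghsaId summary severity publishedAt
          identifiers { type value }
        }
      }
    }
  }
GRAPHQL

# Assumption: map the schema's ecosystem enum to the label the listing shows.
ECOSYSTEM_LABELS = { 'RUBYGEMS' => 'RubyGems' }.freeze

# JSON body for one page of results.
def request_body(first: 50, after: nil)
  JSON.generate(query: ADVISORY_QUERY, variables: { first: first, after: after })
end

# Prefer the CVE identifier when the advisory has one, otherwise the GHSA id.
def primary_identifier(advisory)
  cve = advisory.fetch('identifiers', []).find { |i| i['type'] == 'CVE' }
  cve ? cve['value'] : advisory['ghsaId']
end

# Render one node as two lines: "<summary> <Severity>" and
# "<identifier> was published for <package> (<ecosystem>) <Mon D, YYYY>".
def format_node(node)
  adv = node['advisory']
  pkg = node['package']
  eco = ECOSYSTEM_LABELS.fetch(pkg['ecosystem'], pkg['ecosystem'])
  date = Time.iso8601(adv['publishedAt']).utc.strftime('%b %-d, %Y')
  "#{adv['summary']} #{adv['severity'].capitalize}\n" \
    "#{primary_identifier(adv)} was published for #{pkg['name']} (#{eco}) #{date}"
end

# Decoded response -> listing entries, newest publication first.
def listing_lines(response)
  nodes = response.dig('data', 'securityVulnerabilities', 'nodes') || []
  nodes.sort_by { |n| n['advisory']['publishedAt'] }.reverse.map { |n| format_node(n) }
end

# Live request; public advisory data needs a token but no special scopes.
def fetch_page(token, first: 50, after: nil)
  uri = URI('https://api.github.com/graphql')
  req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json',
                                 'Authorization' => "Bearer #{token}")
  req.body = request_body(first: first, after: after)
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
  JSON.parse(res.body)
end

# Constructed sample response for offline use; GHSA ids are placeholders.
SAMPLE_RESPONSE = {
  'data' => { 'securityVulnerabilities' => { 'nodes' => [
    { 'package' => { 'ecosystem' => 'RUBYGEMS', 'name' => 'bundler' },
      'vulnerableVersionRange' => '< 1.7.0',
      'advisory' => { 'ghsaId' => 'GHSA-placeholder-1', 'severity' => 'MODERATE',
                      'summary' => 'Bundler may install gems from a different source than expected',
                      'publishedAt' => '2022-05-05T16:00:00Z',
                      'identifiers' => [{ 'type' => 'CVE', 'value' => 'CVE-2013-0334' }] } },
    { 'package' => { 'ecosystem' => 'RUBYGEMS', 'name' => 'nokogiri' },
      'vulnerableVersionRange' => '< 1.5.11',
      'advisory' => { 'ghsaId' => 'GHSA-placeholder-2', 'severity' => 'MODERATE',
                      'summary' => 'Nokogiri vulnerable to DoS while parsing XML documents',
                      'publishedAt' => '2022-05-05T18:00:00Z',
                      'identifiers' => [{ 'type' => 'CVE', 'value' => 'CVE-2013-6460' }] } }
  ] } }
}.freeze

if __FILE__ == $PROGRAM_NAME
  response = ENV['GITHUB_TOKEN'] ? fetch_page(ENV['GITHUB_TOKEN'], first: 10) : SAMPLE_RESPONSE
  puts listing_lines(response)
end
```

Page through `pageInfo.endCursor` with the `after` variable to walk the full set; `vulnerableVersionRange` and `firstPatchedVersion` are what a dependency audit compares against the locked gem versions.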