GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

956 advisories

Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
Backdoor / Malicious code Critical
GHSA-q2hm-gx3f-h63q was published for lita-coin (RubyGems) Feb 23, 2021 withdrawn
Code Injection vulnerability in CarrierWave::RMagick High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
Credited to wonda-tea-coffee
Server-side request forgery in CarrierWave Moderate
CVE-2021-21288 was published for carrierwave (RubyGems) Feb 8, 2021
Credited to chadwilken and phosphore
Command Injection Vulnerability in Mechanize High
CVE-2021-21289 was published for mechanize (RubyGems) Feb 2, 2021
Credited to kyoshidajp
rails_admin ruby gem XSS vulnerability Moderate
CVE-2020-36190 was published for rails_admin (RubyGems) Jan 14, 2021
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability Moderate
CVE-2020-26247 was published for nokogiri (RubyGems) Dec 30, 2020
Credited to eric-therond
omniauth-apple allows attacker to fake their email address during authentication High
CVE-2020-26254 was published for omniauth-apple (RubyGems) Dec 8, 2020
Credited to davidtaylorhq
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
Remote code execution in dependabot-core branch names when cloning High
CVE-2020-26222 was published for dependabot-common (RubyGems) Nov 13, 2020
Credited to mrthankyou
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Credited to Morantron
Withdrawn: HTTP Request Smuggling in Agoo Moderate
CVE-2020-7670 was published for agoo (RubyGems) Oct 20, 2020 withdrawn
Possible timing attack in derivation_endpoint Moderate
CVE-2020-15237 was published for shrine (RubyGems) Oct 5, 2020
Credited to esparta
personnummer/ruby vulnerable to Improper Input Validation Low
GHSA-vp9c-fpxx-744v was published for personnummer (RubyGems) Sep 23, 2020
XSS in Action View Moderate
CVE-2020-15169 was published for actionview (RubyGems) Sep 11, 2020
Credited to jonathanhefner
Cross-Site Scripting in jquery Moderate
CVE-2012-6708 was published for jQuery (RubyGems) Sep 1, 2020
Credited to klaudialax
Moped Rubygem Data Injection Vulnerability High
CVE-2015-4410 was published for moped (RubyGems) Aug 19, 2020
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
Unintended read access in kramdown gem Critical
CVE-2020-14001 was published for kramdown (RubyGems) Aug 7, 2020
PgHero gem allows CSRF High
CVE-2020-16253 was published for pghero (RubyGems) Aug 5, 2020
Field Test CSRF vulnerability Moderate
CVE-2020-16252 was published for field_test (RubyGems) Aug 5, 2020
Credited to greysteil
Ability to change order address without triggering address validations in solidus Moderate
CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020
Credited to mamhoff and kennyadsl
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020