GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

956 advisories

Malicious URL drafting attack against iodine's static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Improper Input Validation in simple_form Critical
CVE-2019-16676 was published for simple_form (RubyGems) Sep 30, 2019
Credited to kurt-r2c
Rubyzip denial of service Moderate
CVE-2019-16892 was published for rubyzip (RubyGems) Sep 30, 2019
Credited to tdunlap607
Cross-site scripting in padrino-contrib Moderate
CVE-2019-16145 was published for padrino-contrib (RubyGems) Sep 23, 2019
Authentication Bypass in Devise Moderate
CVE-2019-16109 was published for devise (RubyGems) Sep 11, 2019
Airbrake keys not being filtered Critical
CVE-2019-16060 was published for airbrake-ruby (RubyGems) Sep 11, 2019
Cross-site scripting in fat_free_crm Moderate
CVE-2018-20975 was published for fat_free_crm (RubyGems) Aug 21, 2019
rest-client Gem Contains Malicious Code Critical
CVE-2019-15224 was published for awesome-bot (RubyGems) Aug 20, 2019
Nokogiri Command Injection Vulnerability Critical
CVE-2019-5477 was published for nokogiri (RubyGems) Aug 19, 2019
Credited to tdunlap607
samlr XML nodes comment attack High
CVE-2018-20857 was published for samlr (RubyGems) Jul 31, 2019
datagrid contains code injection backdoor Critical
CVE-2019-14281 was published for datagrid (RubyGems) Jul 31, 2019
Code backdoor in simple_captcha2 Critical
CVE-2019-14282 was published for simple_captcha2 (RubyGems) Jul 31, 2019
SQL Injection in marginalia Critical
CVE-2019-1010191 was published for marginalia (RubyGems) Jul 26, 2019
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
Credited to mitchell-codecov, G-Rath, and levpachmanov
OS Command Injection in MiniMagick High
CVE-2019-13574 was published for mini_magick (RubyGems) Jul 18, 2019
field_test gem contains injection vulnerability Moderate
CVE-2019-13146 was published for field_test (RubyGems) Jul 16, 2019
paranoid2 gem code backdoor Critical
CVE-2019-13589 was published for paranoid2 (RubyGems) Jul 16, 2019
Slanger Arbitrary command execution Critical
CVE-2019-1010306 was published for slanger (RubyGems) Jul 16, 2019
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
Credited to G-Rath
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability Critical
CVE-2019-13354 was published for strong_password (RubyGems) Jul 8, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal High
CVE-2017-11430 was published for omniauth-saml (RubyGems) Jul 5, 2019
Ruby-SAML Improper Authentication vulnerability High
CVE-2017-11428 was published for ruby-saml (RubyGems) Jul 5, 2019
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
RubyGems Escape sequence injection in errors High
CVE-2019-8325 was published for rubygems-update (RubyGems) Jun 20, 2019