Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

956 advisories

Loading
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Code injection in RubyGems High
CVE-2019-8324 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in verbose High
CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in gem owner High
CVE-2019-8322 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in api response handling High
CVE-2019-8323 was published for rubygems-update (RubyGems) Jun 20, 2019
ruby-openid SSRF via claimed_id request Critical
CVE-2019-11027 was published for ruby-openid (RubyGems) Jun 13, 2019
Cross-site Scripting in Chartkick Moderate
CVE-2019-12732 was published for chartkick (RubyGems) Jun 7, 2019
OmniAuth Ruby gem Cross-site Request Forgery in request phase High
CVE-2015-9284 was published for omniauth (RubyGems) May 29, 2019
G-Rath eugeneius
Credited to G-Rath and eugeneius
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
Rudloff
Credited to klaudialax, eoftedal, and Rudloff
Duplicate Advisory: Prototype Pollution in jquery Moderate
CVE-2019-5428 was published for jquery (RubyGems) Apr 23, 2019 withdrawn
kurt-r2c
Credited to kurt-r2c
Bootstrap-sass contains code execution backdoor Critical
CVE-2019-10842 was published for bootstrap-sass (RubyGems) Apr 4, 2019
Improper Certificate Validation in chloride High
CVE-2018-6517 was published for chloride (RubyGems) Mar 25, 2019
Doorkeeper-openid_connect contains Open Redirect Moderate
CVE-2019-9837 was published for doorkeeper-openid_connect (RubyGems) Mar 25, 2019
devise Time-of-check Time-of-use Race Condition vulnerability Moderate
CVE-2019-5421 was published for devise (RubyGems) Mar 19, 2019
Use of Insufficiently Random Values in Railties Allows Remote Code Execution Critical
CVE-2019-5420 was published for railties (RubyGems) Mar 13, 2019
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
Denial of Service Vulnerability in Action View High
CVE-2019-5419 was published for actionview (RubyGems) Mar 13, 2019
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (RubyGems) Feb 7, 2019
G-Rath
Credited to G-Rath
High severity vulnerability that affects many_versioned_gem High
GHSA-hhxm-4f85-rgr8 was published for many_versioned_gem (RubyGems) Feb 5, 2019 withdrawn
Nokogiri NULL Pointer Dereference High
CVE-2018-14404 was published for nokogiri (RubyGems) Jan 17, 2019
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Credited to tdunlap607
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Credited to tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
Credited to roka-actico
Cross Site Scripting (XSS) vulnerability in easymon Moderate
CVE-2018-1000855 was published for easymon (RubyGems) Dec 21, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database