
GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open-source software.

956 advisories

radiant vulnerable to Cross-site Scripting (Moderate)
CVE-2018-7261 was published for radiant (RubyGems) Jul 27, 2018

High severity vulnerability that affects jquery-ui (High)
GHSA-g8q2-24jh-5hpc was published for jQuery.UI.Combined (RubyGems) Jul 27, 2018 (withdrawn)

Prototype Pollution in lodash (Moderate)
CVE-2018-3721 was published for lodash (RubyGems) Jul 26, 2018
Credited to G-Rath

Low severity vulnerability that affects sensu (Low)
CVE-2018-1000060 was published for sensu (RubyGems) Jul 23, 2018 (withdrawn)

Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink (Moderate)
CVE-2014-5003 was published for ciborg (RubyGems) Jul 23, 2018

Kcapifony gem for Ruby places database user passwords on the command line (High)
CVE-2014-5001 was published for kcapifony (RubyGems) Jul 23, 2018

Sprockets path traversal leads to information leak (High)
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
Credited to kurt-r2c

Sinatra Cross-site Scripting vulnerability (Moderate)
CVE-2018-11627 was published for sinatra (RubyGems) Jun 5, 2018

rails-html-sanitizer Cross-site Scripting vulnerability (Moderate)
CVE-2018-3741 was published for rails-html-sanitizer (RubyGems) Apr 26, 2018

Uncontrolled resource consumption in nokogiri (Moderate)
CVE-2017-18258 was published for nokogiri (RubyGems) Apr 13, 2018

Cross-site Scripting in loofah (Moderate)
CVE-2018-8048 was published for loofah (RubyGems) Mar 21, 2018
Credited to tdunlap607

Sanitize vulnerable to Improper Input Validation and Cross-site Scripting (High)
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018

Cap-Strap gem for Ruby places credentials on the useradd command line (High)
CVE-2014-4992 was published for cap-strap (RubyGems) Mar 16, 2018

Doorkeeper is vulnerable to stored XSS and code execution (Moderate)
CVE-2018-1000088 was published for doorkeeper (RubyGems) Mar 13, 2018
Credited to tdunlap607

http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor (Moderate)
CVE-2015-1828 was published for http (RubyGems) Mar 13, 2018

rack-protection gem timing attack vulnerability when validating CSRF token (Moderate)
CVE-2018-1000119 was published for rack-protection (RubyGems) Mar 7, 2018

bson is vulnerable to denial of service due to incorrect regex validation (Critical)
CVE-2015-4412 was published for bson (RubyGems) Mar 5, 2018

rails_admin ruby gem XSS (Moderate)
CVE-2017-12098 was published for rails_admin (RubyGems) Mar 5, 2018

brbackup exposes database password to unauthorized users (High)
CVE-2014-5004 was published for brbackup (RubyGems) Mar 5, 2018

delayed_job_web Cross-site Scripting vulnerability (Moderate)
CVE-2017-12097 was published for delayed_job_web (RubyGems) Mar 5, 2018

Ox gem stack overflow in sax_parse (Moderate)
CVE-2017-16229 was published for ox (RubyGems) Mar 5, 2018

Sinatra Path Traversal vulnerability (Moderate)
CVE-2018-7212 was published for sinatra (RubyGems) Feb 20, 2018

Omniauth allows POST parameters to be stored in session (High)
CVE-2017-18076 was published for omniauth (RubyGems) Jan 29, 2018

lynx doesn't properly sanitize user input and exposes database password to unauthorized users (High)
CVE-2014-5002 was published for lynx (RubyGems) Jan 24, 2018

lawn-login exposes database password to unauthorized users (High)
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
Advisories are also available from the GitHub GraphQL API.
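The listing above can be reproduced and acted on programmatically. The Ruby script below is an added example (not GitHub's own code): it builds the GraphQL query for RubyGems advisories, drops withdrawn entries like the two in the list, and checks locked gem versions against each vulnerableVersionRange with Gem::Requirement. The field names follow GitHub's published GraphQL schema (securityVulnerabilities, advisory.withdrawnAt, firstPatchedVersion). The sample response, gem versions, identifiers and version ranges are constructed placeholders for the demo, not real advisory data, and the live fetch helper assumes a GITHUB_TOKEN environment variable.

```ruby
require "json"
require "net/http"
require "uri"
require "rubygems" # Gem::Version and Gem::Requirement

# GraphQL query against GitHub's securityVulnerabilities connection, restricted
# to the RubyGems ecosystem. Field names follow GitHub's published schema.
ADVISORY_QUERY = <<~GRAPHQL
  query($first: Int!, $after: String) {
    securityVulnerabilities(ecosystem: RUBYGEMS, first: $first, after: $after,
                            orderBy: {field: UPDATED_AT, direction: DESC}) {
      pageInfo { hasNextPage endCursor }
      nodes {
        package { name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
        advisory {
          ghsaId summary severity publishedAt withdrawnAt
          identifiers { type value }
        }
      }
    }
  }
GRAPHQL

# Live fetch of one page (assumes GITHUB_TOKEN); not used by the offline demo.
def fetch_page(token, after: nil, first: 100)
  uri = URI("https://api.github.com/graphql")
  req = Net::HTTP::Post.new(uri, "Authorization" => "Bearer #{token}",
                                 "Content-Type" => "application/json")
  req.body = JSON.generate(query: ADVISORY_QUERY, variables: { first: first, after: after })
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
  JSON.parse(res.body)
end

# Flatten one node into a record; withdrawn advisories are dropped (nil).
def to_record(node)
  adv = node["advisory"]
  return nil if adv["withdrawnAt"]
  cve = adv["identifiers"].find { |i| i["type"] == "CVE" }
  {
    package: node["package"]["name"],
    id: cve ? cve["value"] : adv["ghsaId"],
    summary: adv["summary"],
    severity: adv["severity"],
    range: node["vulnerableVersionRange"],
    patched: node.dig("firstPatchedVersion", "identifier"),
  }
end

def records_from(response)
  response["data"]["securityVulnerabilities"]["nodes"].filter_map { |n| to_record(n) }
end

# Walk every page of the live API and collect non-withdrawn records.
def all_records(token)
  out, after = [], nil
  loop do
    page = fetch_page(token, after: after)["data"]["securityVulnerabilities"]
    out.concat(page["nodes"].filter_map { |n| to_record(n) })
    break unless page["pageInfo"]["hasNextPage"]
    after = page["pageInfo"]["endCursor"]
  end
  out
end

# vulnerableVersionRange is a comma-separated list of RubyGems-style
# constraints ("< 4.17.5", ">= 2.0.0, < 2.0.2"), which Gem::Requirement parses.
def affected?(version, range)
  Gem::Requirement.new(*range.split(",").map(&:strip))
                  .satisfied_by?(Gem::Version.new(version))
end

# Match a {gem name => locked version} map (e.g. from Gemfile.lock) to records.
def findings(locked, records)
  records.select { |r| (v = locked[r[:package]]) && affected?(v, r[:range]) }
end

# Constructed sample in the shape the query returns. Identifiers, ranges and
# versions are placeholders for the demo, not real advisory data.
SAMPLE_RESPONSE = { "data" => { "securityVulnerabilities" => {
  "pageInfo" => { "hasNextPage" => false, "endCursor" => nil },
  "nodes" => [
    { "package" => { "name" => "lodash" }, "vulnerableVersionRange" => "< 4.17.5",
      "firstPatchedVersion" => { "identifier" => "4.17.5" },
      "advisory" => { "ghsaId" => "GHSA-0000-0000-0001", "summary" => "Prototype Pollution in lodash",
                      "severity" => "MODERATE", "publishedAt" => "2018-07-26T00:00:00Z", "withdrawnAt" => nil,
                      "identifiers" => [{ "type" => "GHSA", "value" => "GHSA-0000-0000-0001" },
                                        { "type" => "CVE", "value" => "CVE-0000-0001" }] } },
    { "package" => { "name" => "sinatra" }, "vulnerableVersionRange" => ">= 2.0.0, < 2.0.2",
      "firstPatchedVersion" => { "identifier" => "2.0.2" },
      "advisory" => { "ghsaId" => "GHSA-0000-0000-0002", "summary" => "Sinatra Path Traversal vulnerability",
                      "severity" => "MODERATE", "publishedAt" => "2018-02-20T00:00:00Z", "withdrawnAt" => nil,
                      "identifiers" => [{ "type" => "GHSA", "value" => "GHSA-0000-0000-0002" }] } },
    { "package" => { "name" => "sensu" }, "vulnerableVersionRange" => "< 1.2.0",
      "firstPatchedVersion" => { "identifier" => "1.2.0" },
      "advisory" => { "ghsaId" => "GHSA-0000-0000-0003", "summary" => "Low severity vulnerability that affects sensu",
                      "severity" => "LOW", "publishedAt" => "2018-07-23T00:00:00Z", "withdrawnAt" => "2018-08-01T00:00:00Z",
                      "identifiers" => [{ "type" => "GHSA", "value" => "GHSA-0000-0000-0003" }] } }
  ] } } }

# Constructed lockfile versions: lodash is inside its range, sinatra is patched,
# sensu's advisory is withdrawn, so only lodash should be reported.
SAMPLE_LOCKED = { "lodash" => "4.17.4", "sinatra" => "2.0.2", "sensu" => "1.0.0" }

if $PROGRAM_NAME == __FILE__
  recs = ENV["GITHUB_TOKEN"] ? all_records(ENV["GITHUB_TOKEN"]) : records_from(SAMPLE_RESPONSE)
  findings(SAMPLE_LOCKED, recs).each do |r|
    puts "#{r[:package]} #{SAMPLE_LOCKED[r[:package]]}: #{r[:id]} #{r[:severity]} (#{r[:summary]}); upgrade to #{r[:patched]}"
  end
end
```

Two details matter in practice: filter on withdrawnAt rather than trusting the summary text, since withdrawn advisories still appear in the connection, and parse ranges with Gem::Requirement instead of string comparison, because "4.17.10" sorts before "4.17.5" lexically but not as a version.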