GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
Dragonfly Code Injection vulnerability
High
CVE-2013-1756
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
High
CVE-2013-0156
was published
for
actionpack
(RubyGems)
Oct 24, 2017
crack does not properly restrict casts of string values
High
CVE-2013-1800
was published
for
crack
(RubyGems)
Oct 24, 2017
Thumbshooter vulnerable to Code Injection
High
CVE-2013-1898
was published
for
thumbshooter
(RubyGems)
Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2615
was published
for
fastreader
(RubyGems)
Oct 24, 2017
extlib does not properly restrict casts of string values
High
CVE-2013-1802
was published
for
extlib
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
Curl Gem insufficient URL escaping command injection
High
CVE-2013-2617
was published
for
curl
(RubyGems)
Oct 24, 2017
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
JSON gem has Improper Input Validation vulnerability
High
CVE-2013-0269
was published
for
json
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects thin
High
CVE-2009-3287
was published
for
thin
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects rails.
High
CVE-2006-4112
was published
for
rails
(RubyGems)
Oct 24, 2017
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2011-2930
was published
for
activerecord
(RubyGems)
Oct 24, 2017
actionpack allows remote attackers to bypass intended access restrictions
High
CVE-2011-0449
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2012-2695
was published
for
activerecord
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2011-0448
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Rails ActiveRecord gem vulnerable to SQL injection
High
CVE-2008-4094
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Mail Gem Improper Input Validation vulnerability
High
CVE-2012-2140
was published
for
mail
(RubyGems)
Oct 24, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
High
CVE-2014-9489
was published
for
gollum
(RubyGems)
Nov 16, 2017
Ox gem crashes due to a crafted input
High
CVE-2017-15928
was published
for
ox
(RubyGems)
Nov 21, 2017
yajl-ruby gem Denial of Service vulnerability
High
CVE-2017-16516
was published
for
yajl-ruby
(RubyGems)
Nov 28, 2017
private_address_check contains Incomplete List of Disallowed Inputs
High
CVE-2017-0909
was published
for
private_address_check
(RubyGems)
Nov 30, 2017
ProTip!
Advisories are also available from the
GraphQL API