Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

892 advisories

Loading
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 1Jesper1
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
REXML denial of service vulnerability Moderate
CVE-2024-39908 was published for rexml (RubyGems) Jul 16, 2024
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
mshibuya
Decidim vulnerable to data disclosure through the embed feature Moderate
CVE-2024-27090 was published for decidim (RubyGems) Jul 10, 2024
Decidim cross-site scripting (XSS) in the admin panel Moderate
CVE-2024-27095 was published for decidim-admin (RubyGems) Jul 10, 2024
Excessive Iteration in gRPC High
CVE-2023-33953 was published for grpc (RubyGems) Aug 9, 2023
levpachmanov
Directory traversal vulnerability in Action View in Ruby on Rails High
CVE-2016-0752 was published for actionpack (RubyGems) Oct 24, 2017
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields High
CVE-2023-34103 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00 Mys7ic
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi alecslupu
andreslucena
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
ooooooo-q yoshizawa-masatoshi
postmodern stdedos
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
chadlwilson
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter High
CVE-2024-35231 was published for rack-contrib (RubyGems) May 28, 2024
Sim4n6 ioquatix
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
CommanderStorm postmodern
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database