GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
OS Command Injection in MiniMagick
High
CVE-2019-13574
was published
for
mini_magick
(RubyGems)
Jul 18, 2019
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
High
CVE-2019-18409
was published
for
ruby_parser-legacy
(RubyGems)
Oct 25, 2019
JSON-jwt Gem lacked element count during splitting of JWE string
High
CVE-2019-18848
was published
for
json-jwt
(RubyGems)
Nov 14, 2019
Prototype Pollution in chartkick
High
CVE-2019-18841
was published
for
chartkick
(RubyGems)
Dec 2, 2019
XSS/Script injection vulnerability in matestack
High
CVE-2020-5241
was published
for
matestack-ui-core
(RubyGems)
Feb 12, 2020
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
High
CVE-2020-7595
was published
for
nokogiri
(RubyGems)
Feb 24, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
High
GHSA-pcqq-5962-hvcw
was published
for
user_agent_parser
(RubyGems)
Mar 10, 2020
Sort order SQL injection in Administrate
High
CVE-2020-5257
was published
for
administrate
(RubyGems)
Mar 13, 2020
BSON rubygem contains potential denial of service
High
CVE-2015-4411
was published
for
bson
(RubyGems)
Apr 29, 2020
Authentication and extension bypass in Faye
High
CVE-2020-11020
was published
for
faye
(RubyGems)
Apr 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
High
CVE-2020-10187
was published
for
doorkeeper
(RubyGems)
May 7, 2020
Improper Restriction of Excessive Authentication Attempts in Sorcery
High
CVE-2020-11052
was published
for
sorcery
(RubyGems)
May 7, 2020
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma
High
CVE-2020-11076
was published
for
puma
(RubyGems)
May 22, 2020
Possible Strong Parameters Bypass in ActionPack
High
CVE-2020-8164
was published
for
actionpack
(RubyGems)
May 26, 2020
Circumvention of file size limits in ActiveStorage
High
CVE-2020-8162
was published
for
activestorage
(RubyGems)
May 26, 2020
Regular Expression Denial of Service in websocket-extensions (RubyGem)
High
CVE-2020-7663
was published
for
websocket-extensions
(RubyGems)
Jun 5, 2020
Cross-site Scripting in Sanitize
High
CVE-2020-4054
was published
for
sanitize
(RubyGems)
Jun 16, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
High
CVE-2020-8184
was published
for
rack
(RubyGems)
Jun 24, 2020
Directory traversal in Rack::Directory app bundled with Rack
High
CVE-2020-8161
was published
for
rack
(RubyGems)
Jul 6, 2020
Remote code execution via user-provided local names in ActionView
High
CVE-2020-8163
was published
for
actionview
(RubyGems)
Jul 7, 2020
Unsafe object creation in json RubyGem
High
CVE-2020-10663
was published
for
json
(RubyGems)
Jul 27, 2020
Missing TLS certificate verification
High
CVE-2020-15134
was published
for
faye
(RubyGems)
Jul 31, 2020
Missing TLS certificate verification in faye-websocket
High
CVE-2020-15133
was published
for
faye-websocket
(RubyGems)
Jul 31, 2020
ProTip!
Advisories are also available from the
GraphQL API