GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,984
Maven
5,000+
npm
3,701
NuGet
657
pip
3,325
Pub
11
RubyGems
882
Rust
835
Swift
35
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Active Record contains deserialization of arbitrary YAML
Critical
CVE-2013-0277
was published
for
activerecord
(RubyGems)
Oct 24, 2017
redis-store deserializes untrusted data
Critical
CVE-2017-1000248
was published
for
redis-store
(RubyGems)
Dec 6, 2017
Improper Access Control in activejob
High
CVE-2018-16476
was published
for
activejob
(RubyGems)
Dec 5, 2018
Slanger Arbitrary command execution
Critical
CVE-2019-1010306
was published
for
slanger
(RubyGems)
Jul 16, 2019
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Critical
CVE-2020-8165
was published
for
activesupport
(RubyGems)
May 26, 2020
Possible Strong Parameters Bypass in ActionPack
High
CVE-2020-8164
was published
for
actionpack
(RubyGems)
May 26, 2020
RubyGems vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-0903
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems Deserialization of Untrusted Data vulnerability
High
CVE-2018-1000074
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
High
CVE-2020-7385
was published
for
metasploit-framework
(RubyGems)
May 24, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Critical
CVE-2022-32511
was published
for
jmespath
(RubyGems)
Jun 7, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Active Record RCE bug with Serialized Columns
Critical
CVE-2022-32224
was published
for
activerecord
(RubyGems)
Jul 12, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
High
CVE-2023-0669
was published
for
metasploit-framework
(RubyGems)
Feb 6, 2023
•
withdrawn
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2023-27531
was published
for
kredis
(RubyGems)
Jun 9, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
RDoc RCE vulnerability with .rdoc_options
Moderate
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API