GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
891 advisories
Filter by severity
OpenSSL gem for Ruby using inadequate encryption strength
High
CVE-2016-7798
was published
for
openssl
(RubyGems)
Oct 24, 2017
actionview Cross-site Scripting vulnerability
Moderate
CVE-2016-6316
was published
for
actionview
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in Action View in Ruby on Rails
High
CVE-2016-0752
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack allows remote code execution via application's unrestricted use of render method
High
CVE-2016-2098
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ActiveRecord in Ruby on Rails allows database-query bypass
High
CVE-2016-6317
was published
for
activerecord
(RubyGems)
Oct 24, 2017
actionview contains Path Traversal vulnerability
Moderate
CVE-2016-2097
was published
for
actionpack
(RubyGems)
Oct 24, 2017
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
CVE-2016-7103
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
High
CVE-2016-0751
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Doorkeeper is vulnerable to replay attacks
Critical
CVE-2016-6582
was published
for
doorkeeper
(RubyGems)
Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects
Moderate
CVE-2016-4442
was published
for
rack-mini-profiler
(RubyGems)
Oct 24, 2017
activemodel contains Improper Input Validation
Moderate
CVE-2016-0753
was published
for
activemodel
(RubyGems)
Oct 24, 2017
archive-tar-minitar and minitar vulnerable to Path Traversal
High
CVE-2016-10173
was published
for
archive-tar-minitar
(RubyGems)
Oct 24, 2017
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method
High
CVE-2016-3693
was published
for
safemode
(RubyGems)
Oct 24, 2017
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
Safemode Gem Has Incomplete List of Disallowed Inputs
Critical
CVE-2017-7540
was published
for
safemode
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in RubyZip
Critical
CVE-2017-5946
was published
for
rubyzip
(RubyGems)
Oct 24, 2017
espeak-ruby allows arbitrary command execution
Critical
CVE-2016-10193
was published
for
espeak-ruby
(RubyGems)
Oct 24, 2017
sprout Arbitrary Code Execution vulnerability
High
CVE-2013-6421
was published
for
sprout
(RubyGems)
Oct 24, 2017
Webbynode Code Injection vulnerability
High
CVE-2013-7086
was published
for
webbynode
(RubyGems)
Oct 24, 2017
colorscore Command Injection vulnerability
Critical
CVE-2015-7541
was published
for
colorscore
(RubyGems)
Oct 24, 2017
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number
Moderate
CVE-2014-9490
was published
for
sentry-raven
(RubyGems)
Oct 24, 2017
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
High
CVE-2014-2322
was published
for
arabic-prawn
(RubyGems)
Oct 24, 2017
SQL Injection in Active Record
High
CVE-2014-3482
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Local API Login Credentials Disclosure in paratrooper-pingdom
Low
CVE-2014-1233
was published
for
paratrooper-pingdom
(RubyGems)
Oct 24, 2017
actionpack Path Traversal vulnerability
Moderate
CVE-2014-0130
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API