Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
StringIO buffer overread vulnerability Critical
CVE-2024-27280 was published for stringio (RubyGems) Mar 25, 2024
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
Puppet Bolt privilege escalation vulnerability Critical
CVE-2023-5214 was published for bolt (RubyGems) Oct 6, 2023
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
Foreman Transpilation Enables OS Command Injection Critical
CVE-2022-3874 was published for foreman (RubyGems) Sep 22, 2023 withdrawn
drewblas MH4GF
hoshinotsuyoshi fesplugas-drms olleolleolle evgeni mrnovalles aramprice
Puma HTTP Request/Response Smuggling vulnerability Critical
CVE-2023-40175 was published for puma (RubyGems) Aug 18, 2023
kenballus
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
Server-Side Template Injection in Camaleon CMS Critical
CVE-2023-30145 was published for camaleon_cms (RubyGems) May 26, 2023
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
PDFKit vulnerable to Command Injection Critical
CVE-2022-25765 was published for pdfkit (RubyGems) Sep 10, 2022
wonda-tea-coffee kiafaldorius
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value Critical
CVE-2020-36599 was published for omniauth (RubyGems) Aug 19, 2022
gsimoesr
Active Record RCE bug with Serialized Columns Critical
CVE-2022-32224 was published for activerecord (RubyGems) Jul 12, 2022
OS Command Injection in awesome spawn Critical
CVE-2014-0156 was published for awesome_spawn (RubyGems) Jul 1, 2022
BenK0lin
Improper handling of double quotes in file name in Diffy in Windows environment Critical
CVE-2022-33127 was published for diffy (RubyGems) Jun 24, 2022
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable Critical
CVE-2022-32511 was published for jmespath (RubyGems) Jun 7, 2022
plygrnd tdunlap607
Arbitrary file write in dragonfly Critical
CVE-2021-33473 was published for dragonfly (RubyGems) Jun 3, 2022
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database