GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
955 advisories
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
High
GHSA-52c5-vh7f-26fx
was published
for
prosemirror_to_html
(RubyGems)
Nov 6, 2025
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2015-3226
was published
for
activesupport
(RubyGems)
Oct 24, 2017
URI gem has ReDoS vulnerability
Moderate
CVE-2023-36617
was published
for
uri
(RubyGems)
Jun 29, 2023
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
XSS in the `of` option of the `.position()` util in jquery-ui
Moderate
CVE-2021-41184
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 26, 2021
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Moderate
CVE-2025-27111
was published
for
rack
(RubyGems)
Mar 4, 2025
Puma HTTP Request/Response Smuggling vulnerability
Moderate
CVE-2024-21647
was published
for
puma
(RubyGems)
Jan 8, 2024
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Moderate
CVE-2022-32209
was published
for
rails-html-sanitizer
(RubyGems)
Jun 25, 2022
ProTip!
Advisories are also available from the
GraphQL API