
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

892 advisories

Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Possible Open Redirect Vulnerability in Action Pack Moderate
CVE-2021-22903 was published for actionpack (RubyGems) May 5, 2021
Denial of Service in Action Dispatch High
CVE-2021-22902 was published for actionpack (RubyGems) May 5, 2021
REXML round-trip instability High
CVE-2021-28965 was published for rexml (RubyGems) Apr 30, 2021
Gon gem lack of escaping certain input when outputting as JSON Moderate
CVE-2020-25739 was published for gon (RubyGems) Apr 30, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information High
CVE-2021-31671 was published for pgsync (RubyGems) Apr 27, 2021
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
Improper Certificate Validation in Puppet Moderate
CVE-2020-7942 was published for puppet (RubyGems) Apr 13, 2021
Cross-site scripting in actionpack Moderate
CVE-2020-8264 was published for actionpack (RubyGems) Apr 7, 2021
Remote code execution in Kramdown High
CVE-2021-28834 was published for kramdown (RubyGems) Mar 29, 2021
Improper Certificate Validation in twitter-stream Moderate
CVE-2020-24392 was published for twitter-stream (RubyGems) Mar 29, 2021
Activerecord-session_store Vulnerable to Timing Attack Moderate
CVE-2019-25025 was published for activerecord-session_store (RubyGems) Mar 9, 2021
Actionpack Open Redirect Vulnerability Moderate
CVE-2021-22881 was published for actionpack (RubyGems) Mar 2, 2021
Active Record subject to Regular Expression Denial-of-Service (ReDoS) High
CVE-2021-22880 was published for activerecord (RubyGems) Mar 2, 2021
Cross-Site Request Forgery (CSRF) Moderate
GHSA-wj5j-xpcj-45gc was published for devise_invitable (RubyGems) Feb 24, 2021 withdrawn
Backdoor / Malicious code Critical
GHSA-q2hm-gx3f-h63q was published for lita-coin (RubyGems) Feb 23, 2021 withdrawn
Code Injection vulnerability in CarrierWave::RMagick High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
Server-side request forgery in CarrierWave Moderate
CVE-2021-21288 was published for carrierwave (RubyGems) Feb 8, 2021
Command Injection Vulnerability in Mechanize High
CVE-2021-21289 was published for mechanize (RubyGems) Feb 2, 2021
rails_admin ruby gem XSS vulnerability Moderate
CVE-2020-36190 was published for rails_admin (RubyGems) Jan 14, 2021
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability Moderate
CVE-2020-26247 was published for nokogiri (RubyGems) Dec 30, 2020
omniauth-apple allows attacker to fake their email address during authentication High
CVE-2020-26254 was published for omniauth-apple (RubyGems) Dec 8, 2020