
GitHub Advisory Database

Security vulnerability database covering CVEs and GitHub-originated security advisories for open-source software.

892 advisories

Severity | Identifier          | Package (RubyGems)   | Published    | Status    | Title
Moderate | CVE-2015-7225       | devise-two-factor    | Aug 28, 2018 |           | Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP)
Moderate | CVE-2015-7314       | gollum               | Aug 28, 2018 |           | Gollum Exposure of Sensitive Information
Low      | CVE-2014-0046       | ember-source         | Aug 28, 2018 |           | ember-source Cross-site Scripting vulnerability
Moderate | CVE-2015-7565       | ember-source         | Aug 28, 2018 |           | ember-source Cross-site Scripting vulnerability
Critical | CVE-2016-4658       | nokogiri             | Aug 21, 2018 |           | Nokogiri does not forbid namespace nodes in XPointer ranges
High     | GHSA-hm48-76wh-q86v | activerecord         | Aug 21, 2018 | withdrawn | High severity vulnerability that affects activerecord
High     | CVE-2015-5312       | nokogiri             | Aug 21, 2018 |           | Nokogiri subject to DoS via libxml2 vulnerability
High     | GHSA-w655-w578-99pq | espeak-ruby          | Aug 21, 2018 | withdrawn | High severity vulnerability that affects espeak-ruby
High     | CVE-2016-5697       | ruby-saml            | Aug 21, 2018 |           | Ruby-saml allows attackers to perform XML signature wrapping attacks
High     | CVE-2016-10345      | passenger            | Aug 21, 2018 |           | Phusion Passenger uses a known /tmp filename
Moderate | GHSA-cwp3-834g-x79g | archive-tar-minitar  | Aug 21, 2018 | withdrawn | Moderate severity vulnerability that affects archive-tar-minitar and minitar
Critical | CVE-2015-8969       | git-fastclone        | Aug 15, 2018 |           | Git-fastclone passes user modifiable strings directly to a shell command
High     | CVE-2015-5147       | redcarpet            | Aug 15, 2018 |           | redcarpet Buffer Overflow vulnerability
High     | GHSA-9wv8-jgw4-4g28 | festivaltts4r        | Aug 15, 2018 | withdrawn | High severity vulnerability that affects festivaltts4r
High     | GHSA-9wcm-rrvh-qjc8 | colorscore           | Aug 15, 2018 | withdrawn | High severity vulnerability that affects colorscore
High     | CVE-2015-8968       | git-fastclone        | Aug 15, 2018 |           | git-fastclone permits arbitrary shell command execution from .gitmodules
Moderate | GHSA-5p9f-55j8-922m | doorkeeper           | Aug 13, 2018 | withdrawn | Moderate severity vulnerability that affects doorkeeper
Moderate | GHSA-m8h6-m9p5-p2f8 | activerecord         | Aug 13, 2018 | withdrawn | Moderate severity vulnerability that affects activerecord
Moderate | GHSA-2pwf-xwr3-hp55 | actionview           | Aug 13, 2018 | withdrawn | Moderate severity vulnerability that affects actionview
High     | GHSA-hx46-vwmx-wx95 | actionpack           | Aug 13, 2018 | withdrawn | High severity vulnerability that affects actionpack
Moderate | GHSA-82x2-g7vr-39wq | web-console          | Aug 13, 2018 | withdrawn | Moderate severity vulnerability that affects web-console
Moderate | GHSA-phmw-pv3f-vvx7 | paperclip            | Aug 13, 2018 | withdrawn | Moderate severity vulnerability that affects paperclip
Critical | CVE-2015-1820       | rest-client          | Aug 13, 2018 |           | rest-client Gem Vulnerable to Session Fixation
Moderate | GHSA-995j-587r-259w | rack-mini-profiler   | Aug 13, 2018 | withdrawn | Moderate severity vulnerability that affects rack-mini-profiler
High     | CVE-2018-1000211    | doorkeeper           | Aug 13, 2018 |           | Doorkeeper subject to Incorrect Permission Assignment
Advisories are also available from the GitHub GraphQL API.
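The GraphQL API is the way to consume this listing programmatically. The Ruby script below is an added example, not GitHub's code: it holds the query that returns the RubyGems rows of this database and matches a response against locked gem versions, skipping advisories marked withdrawn (the listing's "withdrawn" rows). The query's type and field names (securityVulnerabilities, the RUBYGEMS ecosystem value, vulnerableVersionRange, firstPatchedVersion, advisory.withdrawnAt) follow GitHub's GraphQL schema as I know it and should be checked against the live schema before use. The response is a constructed sample: its identifiers, packages and severities are taken from this page, but the version ranges, patched versions and withdrawal timestamp are placeholders and not the advisories' real values, and LOCKED_GEMS is a hypothetical Gemfile.lock excerpt.

```ruby
require "json"
require "rubygems"

# Query shape for pulling the RubyGems rows of this listing through the GraphQL
# API. Type and field names are GitHub's schema as I know it; verify against the
# live schema. Page with endCursor until hasNextPage is false.
RUBYGEMS_VULNERABILITIES_QUERY = <<~GRAPHQL
  query($cursor: String) {
    securityVulnerabilities(first: 100, ecosystem: RUBYGEMS, after: $cursor,
                            orderBy: {field: UPDATED_AT, direction: DESC}) {
      pageInfo { hasNextPage endCursor }
      nodes {
        package { ecosystem name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
        advisory {
          ghsaId summary severity publishedAt withdrawnAt
          identifiers { type value }
        }
      }
    }
  }
GRAPHQL

# Constructed sample response (no network call). Identifiers, packages and
# severities come from the listing; version ranges, patched versions and the
# withdrawnAt timestamp are placeholders, NOT the real values. ghsaId is null
# where the listing shows only the CVE.
SAMPLE_RESPONSE = JSON.parse(<<~'JSON')
  {"data": {"securityVulnerabilities": {
    "pageInfo": {"hasNextPage": false, "endCursor": null},
    "nodes": [
      {"package": {"ecosystem": "RUBYGEMS", "name": "devise-two-factor"},
       "vulnerableVersionRange": "< 2.0.0", "firstPatchedVersion": {"identifier": "2.0.0"},
       "advisory": {"ghsaId": null, "severity": "MODERATE", "withdrawnAt": null,
         "summary": "Tinfoil Devise-two-factor does not \"burn\" a successfully validated one-time password (OTP)",
         "identifiers": [{"type": "CVE", "value": "CVE-2015-7225"}]}},
      {"package": {"ecosystem": "RUBYGEMS", "name": "nokogiri"},
       "vulnerableVersionRange": ">= 1.5.0, < 1.6.8.1", "firstPatchedVersion": {"identifier": "1.6.8.1"},
       "advisory": {"ghsaId": null, "severity": "CRITICAL", "withdrawnAt": null,
         "summary": "Nokogiri does not forbid namespace nodes in XPointer ranges",
         "identifiers": [{"type": "CVE", "value": "CVE-2016-4658"}]}},
      {"package": {"ecosystem": "RUBYGEMS", "name": "activerecord"},
       "vulnerableVersionRange": "< 4.2.1", "firstPatchedVersion": {"identifier": "4.2.1"},
       "advisory": {"ghsaId": "GHSA-hm48-76wh-q86v", "severity": "HIGH", "withdrawnAt": "2018-09-01T00:00:00Z",
         "summary": "High severity vulnerability that affects activerecord",
         "identifiers": [{"type": "GHSA", "value": "GHSA-hm48-76wh-q86v"}]}},
      {"package": {"ecosystem": "RUBYGEMS", "name": "ruby-saml"},
       "vulnerableVersionRange": "< 1.3.0", "firstPatchedVersion": {"identifier": "1.3.0"},
       "advisory": {"ghsaId": null, "severity": "HIGH", "withdrawnAt": null,
         "summary": "Ruby-saml allows attackers to perform XML signature wrapping attacks",
         "identifiers": [{"type": "CVE", "value": "CVE-2016-5697"}]}},
      {"package": {"ecosystem": "RUBYGEMS", "name": "rest-client"},
       "vulnerableVersionRange": "< 1.8.0", "firstPatchedVersion": {"identifier": "1.8.0"},
       "advisory": {"ghsaId": null, "severity": "CRITICAL", "withdrawnAt": null,
         "summary": "rest-client Gem Vulnerable to Session Fixation",
         "identifiers": [{"type": "CVE", "value": "CVE-2015-1820"}]}}
    ]}}}
JSON

# Hypothetical Gemfile.lock excerpt: gem name => locked version.
LOCKED_GEMS = {
  "devise-two-factor" => "1.1.0", "nokogiri" => "1.6.8", "activerecord" => "4.2.0",
  "ruby-saml" => "1.2.0", "rest-client" => "1.8.0",
}.freeze

# GitHub ranges are comma-separated comparator clauses (">= 2.0.0, < 2.1.4");
# Gem::Requirement understands each clause directly, so the locked version is
# vulnerable when it satisfies every clause.
def vulnerable?(locked_version, range)
  clauses = range.split(",").map(&:strip)
  Gem::Requirement.new(clauses).satisfied_by?(Gem::Version.new(locked_version))
end

# Prefer the CVE id (what this listing shows) and fall back to the GHSA id.
def advisory_id(advisory)
  cve = (advisory["identifiers"] || []).find { |i| i["type"] == "CVE" }
  cve ? cve["value"] : advisory["ghsaId"]
end

# Match one page of results against locked gem versions. Withdrawn advisories
# (withdrawnAt set; "withdrawn" in the listing) are skipped, so a withdrawn
# entry whose range would match does not produce a finding.
def findings(response, locked_gems)
  response.dig("data", "securityVulnerabilities", "nodes").filter_map do |node|
    advisory = node["advisory"]
    next if advisory["withdrawnAt"]
    name = node.dig("package", "name")
    locked = locked_gems[name]
    next unless locked && vulnerable?(locked, node["vulnerableVersionRange"])
    { id: advisory_id(advisory), package: name, locked: locked,
      range: node["vulnerableVersionRange"],
      patched: node.dig("firstPatchedVersion", "identifier"),
      severity: advisory["severity"], summary: advisory["summary"] }
  end
end

if $PROGRAM_NAME == __FILE__
  findings(SAMPLE_RESPONSE, LOCKED_GEMS).each do |f|
    puts "#{f[:id]} #{f[:severity]} #{f[:package]} #{f[:locked]} matches #{f[:range]}; upgrade to #{f[:patched]}"
  end
end
```

To run it against the live database, POST RUBYGEMS_VULNERABILITIES_QUERY as the "query" field of a JSON body to https://api.github.com/graphql with a token in the Authorization header, pass the parsed body to findings, and repeat with endCursor while hasNextPage is true. On the sample data the withdrawn activerecord entry is dropped and rest-client at exactly 1.8.0 sits outside "< 1.8.0", so only devise-two-factor, nokogiri and ruby-saml are reported.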