Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

892 advisories

Loading
HTTP Request Smuggling in reel High
CVE-2020-7659 was published for reel (RubyGems) May 24, 2021
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
Cross-site Scripting in Chartkick Moderate
CVE-2019-12732 was published for chartkick (RubyGems) Jun 7, 2019
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
activesupport vulnerable to Denial of Service via large XML document depth Moderate
CVE-2015-3227 was published for activesupport (RubyGems) Oct 24, 2017
private_address_check vulnerable to bypass of Resolv.getaddresses method Moderate
CVE-2017-0904 was published for private_address_check (RubyGems) Nov 29, 2017
Loofah Cross-site Scripting vulnerability Moderate
CVE-2018-16468 was published for loofah (RubyGems) Nov 1, 2018
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information Moderate
CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
Doorkeeper subject to Incorrect Permission Assignment High
CVE-2018-1000211 was published for doorkeeper (RubyGems) Aug 13, 2018
private_address_check contains Incomplete List of Disallowed Inputs High
CVE-2017-0909 was published for private_address_check (RubyGems) Nov 30, 2017
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
active-support impersonates 'activesupport' gem Critical
CVE-2018-3779 was published for active-support (RubyGems) Aug 13, 2018
personnummer/ruby vulnerable to Improper Input Validation Low
GHSA-vp9c-fpxx-744v was published for personnummer (RubyGems) Sep 23, 2020
Integer Overflow or Wraparound in libxml2 affects Nokogiri High
GHSA-cgx6-hpwq-fhv5 was published for nokogiri (RubyGems) May 18, 2022
XML Injection in Xerces Java affects Nokogiri Moderate
GHSA-xxx9-3xcr-gjj3 was published for nokogiri (RubyGems) Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri High
GHSA-v6gp-9mmm-c6p5 was published for nokogiri (RubyGems) Apr 11, 2022
Denial of Service (DoS) in Nokogiri on JRuby High
GHSA-gx8x-g87m-h5q6 was published for nokogiri (RubyGems) Apr 11, 2022
Vulnerable dependencies in Nokogiri High
GHSA-fq42-c5rg-92c2 was published for nokogiri (RubyGems) Feb 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database