Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
Slanger Arbitrary command execution Critical
CVE-2019-1010306 was published for slanger (RubyGems) Jul 16, 2019
Recurly gem Server-Side Request Forgery in Resource#find method Critical
CVE-2017-0905 was published for recurly (RubyGems) Dec 6, 2017
RubyGem openshift-origin-controller is vulnerable to command injection Critical
CVE-2013-2095 was published for openshift-origin-controller (RubyGems) May 5, 2022
Safemode Gem Has Incomplete List of Disallowed Inputs Critical
CVE-2017-7540 was published for safemode (RubyGems) Oct 24, 2017
rest-client Gem Vulnerable to Session Fixation Critical
CVE-2015-1820 was published for rest-client (RubyGems) Aug 13, 2018
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability Critical
CVE-2019-13354 was published for strong_password (RubyGems) Jul 8, 2019
Active Record contains deserialization of arbitrary YAML Critical
CVE-2013-0277 was published for activerecord (RubyGems) Oct 24, 2017
Nokogiri does not forbid namespace nodes in XPointer ranges Critical
CVE-2016-4658 was published for nokogiri (RubyGems) Aug 21, 2018
Creme Fraiche contains OS Command Injection Critical
CVE-2013-2090 was published for cremefraiche (RubyGems) Oct 24, 2017
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
Puma HTTP Request/Response Smuggling vulnerability Critical
CVE-2023-40175 was published for puma (RubyGems) Aug 18, 2023
kenballus
Foreman Transpilation Enables OS Command Injection Critical
CVE-2022-3874 was published for foreman (RubyGems) Sep 22, 2023 withdrawn
drewblas MH4GF
hoshinotsuyoshi fesplugas-drms olleolleolle evgeni mrnovalles aramprice
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename Critical
CVE-2013-1948 was published for md2pdf (RubyGems) Oct 24, 2017
Puppet Bolt privilege escalation vulnerability Critical
CVE-2023-5214 was published for bolt (RubyGems) Oct 6, 2023
Server-Side Template Injection in Camaleon CMS Critical
CVE-2023-30145 was published for camaleon_cms (RubyGems) May 26, 2023
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
Buffer overrun in CGI.escape_html Critical
CVE-2021-41816 was published for cgi (RubyGems) Dec 14, 2021
kir-b
rails vulnerable to improper authentication Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
Katello uses hard coded credential Critical
CVE-2012-3503 was published for katello (RubyGems) May 17, 2022
postmodern
StringIO buffer overread vulnerability Critical
CVE-2024-27280 was published for stringio (RubyGems) Mar 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database