GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
255,714 advisories
Filter by severity
Multiple XSS Filter Bypasses in validator
Moderate
CVE-2013-7454
was published
for
validator
(npm)
Oct 24, 2017
VBScript Content Injection in marked
Moderate
CVE-2015-1370
was published
for
marked
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7451
was published
for
validator
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects validator
Moderate
CVE-2013-7452
was published
for
validator
(npm)
Oct 24, 2017
Moderate severity vulnerability that affects handlebars
Moderate
GHSA-fmr4-7g9q-7hc7
was published
for
handlebars
(npm)
Oct 24, 2017
•
withdrawn
actionpack Improper Input Validation vulnerability
Moderate
CVE-2014-0082
was published
for
actionpack
(RubyGems)
Oct 24, 2017
dns-sync command injection vulnerability
Critical
CVE-2014-9682
was published
for
dns-sync
(npm)
Oct 24, 2017
facter, hiera, mcollective-client, and puppet affected by untrusted search path vulnerability
Moderate
CVE-2014-3248
was published
for
facter
(RubyGems)
Oct 24, 2017
Mail Gem CRLF Injection vulnerability
Moderate
CVE-2015-9097
was published
for
mail
(RubyGems)
Oct 24, 2017
sentry-raven allows remote attackers to cause a denial of service via a large exponent value in a scientific number
Moderate
CVE-2014-9490
was published
for
sentry-raven
(RubyGems)
Oct 24, 2017
colorscore Command Injection vulnerability
Critical
CVE-2015-7541
was published
for
colorscore
(RubyGems)
Oct 24, 2017
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
High
CVE-2014-2322
was published
for
arabic-prawn
(RubyGems)
Oct 24, 2017
Webbynode Code Injection vulnerability
High
CVE-2013-7086
was published
for
webbynode
(RubyGems)
Oct 24, 2017
Regular Expression Denial of Service in marked
High
CVE-2015-8854
was published
for
marked
(npm)
Oct 24, 2017
sprout Arbitrary Code Execution vulnerability
High
CVE-2013-6421
was published
for
sprout
(RubyGems)
Oct 24, 2017
Rack vulnerable to Denial of Service via large parameter depth request
Moderate
CVE-2015-3225
was published
for
rack
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2013-6416
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Web Console (Ruby gem) contains whitelisted_ips bypass
Moderate
CVE-2015-3224
was published
for
web-console
(RubyGems)
Oct 24, 2017
sfpagent Command Injection vulnerability
High
CVE-2014-2888
was published
for
sfpagent
(RubyGems)
Oct 24, 2017
Cross-Site Scripting in serve-index
Moderate
CVE-2015-8856
was published
for
serve-index
(npm)
Oct 24, 2017
SQL Injection in Active Record
High
CVE-2014-3482
was published
for
activerecord
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API