Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,262
Maven
5,000+
npm
3,912
NuGet
705
pip
3,681
Pub
12
RubyGems
916
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

305 advisories

Loading
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Regular Expression Denial of Service in Addressable templates High
CVE-2021-32740 was published for addressable (RubyGems) Jul 12, 2021
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox High
CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021
HTTP Request Smuggling in goliath High
CVE-2020-7671 was published for goliath (RubyGems) May 24, 2021
HTTP Request Smuggling in reel High
CVE-2020-7659 was published for reel (RubyGems) May 24, 2021
Improper Certificate Validation in EM-HTTP-Request High
CVE-2020-13482 was published for em-http-request (RubyGems) May 24, 2021
tdunlap607
Dependency Confusion in Bundler High
CVE-2020-36327 was published for bundler (RubyGems) May 24, 2021
Improper certificate validation in em-imap High
CVE-2020-13163 was published for em-imap (RubyGems) May 24, 2021
Puma's Keepalive Connections Causing Denial Of Service High
CVE-2021-29509 was published for puma (RubyGems) May 18, 2021
MSP-Greg wjordan
ioquatix
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Tempfile on Windows path traversal vulnerability High
CVE-2021-28966 was published for tmpdir (RubyGems) May 6, 2021
Possible DoS Vulnerability in Action Controller Token Authentication High
CVE-2021-22904 was published for actionpack (RubyGems) May 5, 2021
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Denial of Service in Action Dispatch High
CVE-2021-22902 was published for actionpack (RubyGems) May 5, 2021
REXML round-trip instability High
CVE-2021-28965 was published for rexml (RubyGems) Apr 30, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information High
CVE-2021-31671 was published for pgsync (RubyGems) Apr 27, 2021
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
tomekr aj-hall
utkanos
Remote code execution in Kramdown High
CVE-2021-28834 was published for kramdown (RubyGems) Mar 29, 2021
Active Record subject to Regular Expression Denial-of-Service (ReDoS) High
CVE-2021-22880 was published for activerecord (RubyGems) Mar 2, 2021
Code Injection vulnerability in CarrierWave::RMagick High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
wonda-tea-coffee
Command Injection Vulnerability in Mechanize High
CVE-2021-21289 was published for mechanize (RubyGems) Feb 2, 2021
kyoshidajp
omniauth-apple allows attacker to fake their email address during authentication High
CVE-2020-26254 was published for omniauth-apple (RubyGems) Dec 8, 2020
davidtaylorhq
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database