Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020
Missing TLS certificate verification High
CVE-2020-15134 was published for faye (RubyGems) Jul 31, 2020
Unsafe object creation in json RubyGem High
CVE-2020-10663 was published for json (RubyGems) Jul 27, 2020
Remote code execution via user-provided local names in ActionView High
CVE-2020-8163 was published for actionview (RubyGems) Jul 7, 2020
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names High
CVE-2020-8184 was published for rack (RubyGems) Jun 24, 2020
Cross-site Scripting in Sanitize High
CVE-2020-4054 was published for sanitize (RubyGems) Jun 16, 2020
Regular Expression Denial of Service in websocket-extensions (RubyGem) High
CVE-2020-7663 was published for websocket-extensions (RubyGems) Jun 5, 2020
Circumvention of file size limits in ActiveStorage High
CVE-2020-8162 was published for activestorage (RubyGems) May 26, 2020
Possible Strong Parameters Bypass in ActionPack High
CVE-2020-8164 was published for actionpack (RubyGems) May 26, 2020
navhits
HTTP Smuggling via Transfer-Encoding Header in Puma High
CVE-2020-11076 was published for puma (RubyGems) May 22, 2020
ZeddYu
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Improper Restriction of Excessive Authentication Attempts in Sorcery High
CVE-2020-11052 was published for sorcery (RubyGems) May 7, 2020
futuretap
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper High
CVE-2020-10187 was published for doorkeeper (RubyGems) May 7, 2020
stefansundin nbulaj
Authentication and extension bypass in Faye High
CVE-2020-11020 was published for faye (RubyGems) Apr 29, 2020
BSON rubygem contains potential denial of service High
CVE-2015-4411 was published for bson (RubyGems) Apr 29, 2020
Sort order SQL injection in Administrate High
CVE-2020-5257 was published for administrate (RubyGems) Mar 13, 2020
becojo
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation High
CVE-2020-7595 was published for nokogiri (RubyGems) Feb 24, 2020
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
Prototype Pollution in chartkick High
CVE-2019-18841 was published for chartkick (RubyGems) Dec 2, 2019
JSON-jwt Gem lacked element count during splitting of JWE string High
CVE-2019-18848 was published for json-jwt (RubyGems) Nov 14, 2019
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource High
CVE-2019-18409 was published for ruby_parser-legacy (RubyGems) Oct 25, 2019
samlr XML nodes comment attack High
CVE-2018-20857 was published for samlr (RubyGems) Jul 31, 2019
OS Command Injection in MiniMagick High
CVE-2019-13574 was published for mini_magick (RubyGems) Jul 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database