Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal High
CVE-2023-38337 was published for rswag (RubyGems) Jul 15, 2023
TZInfo relative path traversal vulnerability allows loading of arbitrary files High
CVE-2022-31163 was published for tzinfo (RubyGems) Jul 21, 2022
kratob
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems may allow a maliciously crafted gem to overwrite files High
CVE-2017-0901 was published for rubygems-update (RubyGems) May 13, 2022
mixlib-archive Path Traversal vulnerability High
CVE-2017-1000026 was published for mixlib-archive (RubyGems) May 13, 2022
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
Mongrel vulnerable to directory traversal via double-encoded sequences Moderate
CVE-2007-6612 was published for mongrel (RubyGems) May 1, 2022
Path traversal when MessageBus::Diagnostics is enabled Moderate
CVE-2021-43840 was published for message_bus (RubyGems) Dec 17, 2021
Tempfile on Windows path traversal vulnerability High
CVE-2021-28966 was published for tmpdir (RubyGems) May 6, 2021
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Arbitrary file write in actionpack-page_caching gem Critical
CVE-2020-8159 was published for actionpack-page_caching (RubyGems) May 13, 2020
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Sinatra Path Traversal vulnerability Moderate
CVE-2018-7212 was published for sinatra (RubyGems) Feb 20, 2018
Arbitrary file read vulnerability in yard server High
CVE-2017-17042 was published for yard (RubyGems) Dec 21, 2017
Mail Gem Path Traversal vulnerability Moderate
CVE-2012-2139 was published for mail (RubyGems) Oct 24, 2017
Rack Vulnerable to Path Traversal Moderate
CVE-2013-0262 was published for rack (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API