Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

425 advisories

Loading
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
ooooooo-q yoshizawa-masatoshi
postmodern stdedos
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Decidim cross-site scripting (XSS) in the admin panel Moderate
CVE-2024-27095 was published for decidim-admin (RubyGems) Jul 10, 2024
Decidim vulnerable to data disclosure through the embed feature Moderate
CVE-2024-27090 was published for decidim (RubyGems) Jul 10, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
mshibuya
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
REXML denial of service vulnerability Moderate
CVE-2024-39908 was published for rexml (RubyGems) Jul 16, 2024
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 1Jesper1
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Cross-Site Request Forgery in Spina Moderate
CVE-2024-7106 was published for spina (RubyGems) Jul 25, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
fugit parse and parse_nat stall on lengthy input Moderate
CVE-2024-43380 was published for fugit (RubyGems) Aug 19, 2024
personnumber3377 bensheldon
request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath
ActionText ContentAttachment can Contain Unsanitized HTML Moderate
CVE-2024-32464 was published for actiontext (RubyGems) Jun 4, 2024
ooooooo-q
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Cross Site Scripting vulnerability in Contribsys Sidekiq Moderate
CVE-2023-46950 was published for sidekiq-unique-jobs (RubyGems) Mar 1, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log Moderate
CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor Moderate
CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database