GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Critical
CVE-2019-17268
was published
for
omniauth-weibo-oauth2
(RubyGems)
May 24, 2022
papercrop does not properly handle crop input
Critical
CVE-2015-2784
was published
for
papercrop
(RubyGems)
May 24, 2022
Publify vulnerable to cross site scripting
Critical
CVE-2022-1811
was published
for
publify_core
(RubyGems)
May 24, 2022
Katello uses hard coded credential
Critical
CVE-2012-3503
was published
for
katello
(RubyGems)
May 17, 2022
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability
Critical
CVE-2018-12026
was published
for
passenger
(RubyGems)
May 14, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability
Critical
CVE-2018-1000076
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Bundler allows attacker to inject arbitrary code via secondary Gem source
Critical
CVE-2016-7954
was published
for
bundler
(RubyGems)
May 14, 2022
Ruby Openssl Allows Incorrect Value Comparison
Critical
CVE-2018-16395
was published
for
openssl
(RubyGems)
May 13, 2022
RubyGems vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-0903
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems Code Injection vulnerability
Critical
CVE-2017-0899
was published
for
rubygems-update
(RubyGems)
May 13, 2022
Nokogiri vulnerable to libxslt protection mechanism bypass
Critical
CVE-2019-11068
was published
for
nokogiri
(RubyGems)
May 13, 2022
smalruby and smalruby-editor vulnerable to OS Command Injection
Critical
CVE-2017-2096
was published
for
smalruby
(RubyGems)
May 13, 2022
Fluentd Escape Sequence Injection Vulnerability
Critical
CVE-2017-10906
was published
for
fluentd
(RubyGems)
May 13, 2022
Puppet Improper Access Control
Critical
CVE-2016-2785
was published
for
puppet
(RubyGems)
May 13, 2022
PDFKit Improper Input Validation vulnerability
Critical
CVE-2013-1607
was published
for
pdfkit
(RubyGems)
May 5, 2022
RubyGem openshift-origin-controller is vulnerable to command injection
Critical
CVE-2013-2095
was published
for
openshift-origin-controller
(RubyGems)
May 5, 2022
CSV-Safe improperly filters special characters potentially leading to CSV injection
Critical
CVE-2022-28481
was published
for
csv-safe
(RubyGems)
May 3, 2022
Server side request forgery in gibbon
Critical
CVE-2022-27311
was published
for
gibbon
(RubyGems)
Apr 26, 2022
Command Injection vulnerability in asciidoctor-include-ext
Critical
CVE-2022-24803
was published
for
asciidoctor-include-ext
(RubyGems)
Mar 31, 2022
Puma vulnerable to HTTP Request Smuggling
Critical
CVE-2022-24790
was published
for
puma
(RubyGems)
Mar 30, 2022
Possible code injection vulnerability in Rails / Active Storage
Critical
CVE-2022-21831
was published
for
activestorage
(RubyGems)
Mar 8, 2022
Remote shell execution vulnerability in image_processing
Critical
CVE-2022-24720
was published
for
image_processing
(RubyGems)
Mar 1, 2022
Buffer overrun in CGI.escape_html
Critical
CVE-2021-41816
was published
for
cgi
(RubyGems)
Dec 14, 2021
ProTip!
Advisories are also available from the
GraphQL API