GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
891 advisories
Filter by severity
actionview Cross-site Scripting vulnerability
Moderate
CVE-2016-6316
was published
for
actionview
(RubyGems)
Oct 24, 2017
Safemode Gem Has Incomplete List of Disallowed Inputs
Critical
CVE-2017-7540
was published
for
safemode
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in Action View in Ruby on Rails
High
CVE-2016-0752
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activemodel contains Improper Input Validation
Moderate
CVE-2016-0753
was published
for
activemodel
(RubyGems)
Oct 24, 2017
archive-tar-minitar and minitar vulnerable to Path Traversal
High
CVE-2016-10173
was published
for
archive-tar-minitar
(RubyGems)
Oct 24, 2017
espeak-ruby allows arbitrary command execution
Critical
CVE-2016-10193
was published
for
espeak-ruby
(RubyGems)
Oct 24, 2017
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
actionpack allows remote code execution via application's unrestricted use of render method
High
CVE-2016-2098
was published
for
actionpack
(RubyGems)
Oct 24, 2017
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method
High
CVE-2016-3693
was published
for
safemode
(RubyGems)
Oct 24, 2017
ActiveRecord in Ruby on Rails allows database-query bypass
High
CVE-2016-6317
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in RubyZip
Critical
CVE-2017-5946
was published
for
rubyzip
(RubyGems)
Oct 24, 2017
actionview contains Path Traversal vulnerability
Moderate
CVE-2016-2097
was published
for
actionpack
(RubyGems)
Oct 24, 2017
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
CVE-2016-7103
was published
for
jQuery.UI.Combined
(RubyGems)
Oct 24, 2017
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
High
CVE-2016-0751
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Doorkeeper is vulnerable to replay attacks
Critical
CVE-2016-6582
was published
for
doorkeeper
(RubyGems)
Oct 24, 2017
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects
Moderate
CVE-2016-4442
was published
for
rack-mini-profiler
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API