GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
Missing security headers in Action Pack on non-HTML responses
Moderate
CVE-2024-28103
was published
for
actionpack
(RubyGems)
Jun 4, 2024
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
activemodel contains Improper Input Validation
Moderate
CVE-2016-0753
was published
for
activemodel
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2014-0082
was published
for
actionpack
(RubyGems)
Oct 24, 2017
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-3187
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-1655
was published
for
puppet
(RubyGems)
Oct 24, 2017
Puppet Improper Input Validation vulnerability
High
CVE-2013-3567
was published
for
puppet
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2013-6414
was published
for
actionpack
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects thin
High
CVE-2009-3287
was published
for
thin
(RubyGems)
Oct 24, 2017
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Moderate
CVE-2014-5003
was published
for
ciborg
(RubyGems)
Jul 23, 2018
activesupport Improper Input Validation vulnerability
Moderate
CVE-2013-1856
was published
for
activesupport
(RubyGems)
Oct 24, 2017
JSON gem has Improper Input Validation vulnerability
High
CVE-2013-0269
was published
for
json
(RubyGems)
Oct 24, 2017
Spree Improper Input Validation vulnerability
Moderate
CVE-2013-1656
was published
for
spree
(RubyGems)
Oct 24, 2017
ldoce Gem Arbitrary Command Execution
Moderate
CVE-2013-1911
was published
for
ldoce
(RubyGems)
Oct 24, 2017
Mail Improper Input Validation vulnerability
Moderate
CVE-2011-0739
was published
for
mail
(RubyGems)
Oct 24, 2017
Improper Input Validation in multi_xml
High
CVE-2013-0175
was published
for
multi_xml
(RubyGems)
Oct 24, 2017
Mail Gem Improper Input Validation vulnerability
High
CVE-2012-2140
was published
for
mail
(RubyGems)
Oct 24, 2017
Gyazo allows local users to write arbitrary files
Moderate
CVE-2014-4994
was published
for
gyazo
(RubyGems)
Jan 22, 2018
Unsafe object creation in json RubyGem
High
CVE-2020-10663
was published
for
json
(RubyGems)
Jul 27, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
High
CVE-2020-8184
was published
for
rack
(RubyGems)
Jun 24, 2020
Improper Input Validation in simple_form
Critical
CVE-2019-16676
was published
for
simple_form
(RubyGems)
Sep 30, 2019
Ox gem crashes due to a crafted input
High
CVE-2017-15928
was published
for
ox
(RubyGems)
Nov 21, 2017
ProTip!
Advisories are also available from the
GraphQL API