Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

412 advisories

Loading
Rack rubygems receiving excessively long lines triggers out-of-memory error Moderate
CVE-2013-0183 was published for rack (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-3464 was published for activesupport (RubyGems) Oct 24, 2017
tdunlap607
newrelic_rpm Gem Discloses Sensitive Information Moderate
CVE-2013-0284 was published for newrelic_rpm (RubyGems) Oct 24, 2017
ldoce Gem Arbitrary Command Execution Moderate
CVE-2013-1911 was published for ldoce (RubyGems) Oct 24, 2017
omniauth-oauth2 Cross-Site Request Forgery vulnerability Moderate
CVE-2012-6134 was published for omniauth-oauth2 (RubyGems) Oct 24, 2017
i18n gem Cross-site Scripting vulnerability Moderate
CVE-2013-4492 was published for i18n (RubyGems) Oct 24, 2017
insecure temporary directory usage in passenger Moderate
CVE-2013-4136 was published for passenger (RubyGems) Oct 24, 2017
Denial of service in ruby-openid Moderate
CVE-2013-1812 was published for ruby-openid (RubyGems) Oct 24, 2017
activesupport Improper Input Validation vulnerability Moderate
CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
actionmailer email address processing causes Denial of service Moderate
CVE-2013-4389 was published for actionmailer (RubyGems) Oct 24, 2017
Spree Improper Input Validation vulnerability Moderate
CVE-2013-1656 was published for spree (RubyGems) Oct 24, 2017
jquery-ui Tooltip widget vulnerable to XSS Moderate
CVE-2012-6662 was published for jQuery.UI.Combined (RubyGems) Oct 24, 2017
Phusion Passenger Denial of Service Moderate
CVE-2013-2119 was published for passenger (RubyGems) Oct 24, 2017
Script Injection in Show In Browser gem Moderate
CVE-2013-2105 was published for show_in_browser (RubyGems) Oct 24, 2017
RDoc contains XSS vulnerability Moderate
CVE-2013-0256 was published for rdoc (RubyGems) Oct 24, 2017
Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service Moderate
CVE-2013-4761 was published for puppet (RubyGems) Oct 24, 2017
Pupper does not properly restrict characters in Common Name field of Certificate Signing Request Moderate
CVE-2012-3867 was published for puppet (RubyGems) Oct 24, 2017
Rack vulnerable to REDoS Moderate
CVE-2012-6109 was published for rack (RubyGems) Oct 24, 2017
Active Record Improper Input Validation Moderate
CVE-2013-1854 was published for activerecord (RubyGems) Oct 24, 2017
actionpack vulnerable to Cross-site Scripting Moderate
CVE-2013-4491 was published for actionpack (RubyGems) Oct 24, 2017
Rack Vulnerable to Path Traversal Moderate
CVE-2013-0262 was published for rack (RubyGems) Oct 24, 2017
Active Record allows bypassing of database-query restrictions Moderate
CVE-2013-0155 was published for activerecord (RubyGems) Oct 24, 2017
ActiveRecord vulnerable to modification of protected model attributes Moderate
CVE-2013-0276 was published for activerecord (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2013-1855 was published for actionpack (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API