GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Command Injection in sequenceserver
Critical
CVE-2024-42360
was published
for
sequenceserver
(RubyGems)
Aug 13, 2024
Puppet Arbitrary Command Execution
Moderate
CVE-2012-1988
was published
for
puppet
(RubyGems)
May 14, 2022
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Critical
CVE-2013-2513
was published
for
flash_tool
(RubyGems)
Jan 26, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
ruby-saml vulnerable to XPath injection
Critical
CVE-2015-20108
was published
for
ruby-saml
(RubyGems)
May 27, 2023
git-fastclone permits arbitrary shell command execution from .gitmodules
High
CVE-2015-8968
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
colorscore Command Injection vulnerability
Critical
CVE-2015-7541
was published
for
colorscore
(RubyGems)
Oct 24, 2017
sfpagent Command Injection vulnerability
High
CVE-2014-2888
was published
for
sfpagent
(RubyGems)
Oct 24, 2017
PDFKit vulnerable to Command Injection
Critical
CVE-2022-25765
was published
for
pdfkit
(RubyGems)
Sep 10, 2022
Git-fastclone passes user modifiable strings directly to a shell command
Critical
CVE-2015-8969
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
Fileutils Command Injection vulnerability
High
CVE-2013-2516
was published
for
fileutils
(RubyGems)
May 14, 2022
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Critical
CVE-2019-5420
was published
for
railties
(RubyGems)
Mar 13, 2019
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
ProTip!
Advisories are also available from the
GraphQL API