GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
The rack-cors rubygem may allow directory traveral
Moderate
CVE-2019-18978
was published
for
rack-cors
(RubyGems)
Nov 15, 2019
Sinatra Path Traversal vulnerability
Moderate
CVE-2018-7212
was published
for
sinatra
(RubyGems)
Feb 20, 2018
Tempfile on Windows path traversal vulnerability
High
CVE-2021-28966
was published
for
tmpdir
(RubyGems)
May 6, 2021
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
sprockets vulnerable to Path Traversal
Moderate
CVE-2014-7819
was published
for
sprockets
(RubyGems)
Oct 24, 2017
mixlib-archive Path Traversal vulnerability
High
CVE-2017-1000026
was published
for
mixlib-archive
(RubyGems)
May 13, 2022
RubyGems may allow a maliciously crafted gem to overwrite files
High
CVE-2017-0901
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems Path Traversal vulnerability
Moderate
CVE-2018-1000079
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Path traversal when MessageBus::Diagnostics is enabled
Moderate
CVE-2021-43840
was published
for
message_bus
(RubyGems)
Dec 17, 2021
sinatra does not validate expanded path matches
High
CVE-2022-29970
was published
for
sinatra
(RubyGems)
May 3, 2022
Wicked gem contains Path traversal vulnerability
Moderate
CVE-2013-4413
was published
for
wicked
(RubyGems)
Oct 24, 2017
Arbitrary file read vulnerability in yard server
High
CVE-2017-17042
was published
for
yard
(RubyGems)
Dec 21, 2017
actionpack Path Traversal vulnerability
Moderate
CVE-2014-0130
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Path Traversal in Action View
High
CVE-2019-5418
was published
for
actionview
(RubyGems)
Mar 13, 2019
actionpack vulnerable to Path Traversal
Moderate
CVE-2014-7818
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in actionpack
Moderate
CVE-2014-7829
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Rack Vulnerable to Path Traversal
Moderate
CVE-2013-0262
was published
for
rack
(RubyGems)
Oct 24, 2017
Directory traversal vulnerability in RubyZip
Critical
CVE-2017-5946
was published
for
rubyzip
(RubyGems)
Oct 24, 2017
Directory traversal in Rack::Directory app bundled with Rack
High
CVE-2020-8161
was published
for
rack
(RubyGems)
Jul 6, 2020
RubyGems Delete directory using symlink when decompressing tar
High
CVE-2019-8320
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
archive-tar-minitar and minitar vulnerable to Path Traversal
High
CVE-2016-10173
was published
for
archive-tar-minitar
(RubyGems)
Oct 24, 2017
Sprockets path traversal leads to information leak
High
CVE-2018-3760
was published
for
sprockets
(RubyGems)
Jun 20, 2018
Mongrel vulnerable to directory traversal via double-encoded sequences
Moderate
CVE-2007-6612
was published
for
mongrel
(RubyGems)
May 1, 2022
Mail Gem Path Traversal vulnerability
Moderate
CVE-2012-2139
was published
for
mail
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API