Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions Critical
CVE-2019-17383 was published for netaddr (RubyGems) Oct 14, 2019
stuarthannig
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
StringIO buffer overread vulnerability Critical
CVE-2024-27280 was published for stringio (RubyGems) Mar 25, 2024
Katello uses hard coded credential Critical
CVE-2012-3503 was published for katello (RubyGems) May 17, 2022
postmodern
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
rails vulnerable to improper authentication Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
Buffer overrun in CGI.escape_html Critical
CVE-2021-41816 was published for cgi (RubyGems) Dec 14, 2021
kir-b
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
Server-Side Template Injection in Camaleon CMS Critical
CVE-2023-30145 was published for camaleon_cms (RubyGems) May 26, 2023
Puppet Bolt privilege escalation vulnerability Critical
CVE-2023-5214 was published for bolt (RubyGems) Oct 6, 2023
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename Critical
CVE-2013-1948 was published for md2pdf (RubyGems) Oct 24, 2017
Foreman Transpilation Enables OS Command Injection Critical
CVE-2022-3874 was published for foreman (RubyGems) Sep 22, 2023 withdrawn
drewblas MH4GF
hoshinotsuyoshi fesplugas-drms olleolleolle evgeni mrnovalles aramprice
Puma HTTP Request/Response Smuggling vulnerability Critical
CVE-2023-40175 was published for puma (RubyGems) Aug 18, 2023
kenballus
geokit-rails Command Injection vulnerability Critical
CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
Creme Fraiche contains OS Command Injection Critical
CVE-2013-2090 was published for cremefraiche (RubyGems) Oct 24, 2017
Nokogiri does not forbid namespace nodes in XPointer ranges Critical
CVE-2016-4658 was published for nokogiri (RubyGems) Aug 21, 2018
Active Record contains deserialization of arbitrary YAML Critical
CVE-2013-0277 was published for activerecord (RubyGems) Oct 24, 2017
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability Critical
CVE-2019-13354 was published for strong_password (RubyGems) Jul 8, 2019
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database