GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
8,917 advisories
Filter by severity
rails is vulnerable to CRLF injection
Moderate
CVE-2008-5189
was published
for
rails
(RubyGems)
Oct 24, 2017
Cross-site Scripting vulnerability in i18n translations helper method
Moderate
CVE-2011-4319
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Rails actionpack gem vulnerable to Cross-site Scripting
Moderate
CVE-2011-0446
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack and activesupport vulnerable to information leaks
Moderate
CVE-2009-3086
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross-site Scripting in actionpack
Moderate
CVE-2012-1099
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
Moderate
CVE-2012-2694
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Cross-site Scripting vulnerability
Moderate
CVE-2011-2931
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Action Pack contains database-query restrictions bypass
Moderate
CVE-2012-2660
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-3187
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2011-2932
was published
for
activesupport
(RubyGems)
Oct 24, 2017
actionpack Improper Input Validation vulnerability
Moderate
CVE-2011-2929
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Improper Authentication vulnerability
Moderate
CVE-2012-3424
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activesupport Cross-site Scripting vulnerability
Moderate
CVE-2012-1098
was published
for
activesupport
(RubyGems)
Oct 24, 2017
WEBrick Improper Input Validation vulnerability
Moderate
CVE-2009-4492
was published
for
webrick
(RubyGems)
Oct 24, 2017
Cocaine Gem OS Command Injection vulnerability
Moderate
CVE-2013-4457
was published
for
cocaine
(RubyGems)
Oct 24, 2017
Devise does not properly perform type conversion when performing database queries
Moderate
CVE-2013-0233
was published
for
devise
(RubyGems)
Oct 24, 2017
Rack rubygems receiving excessively long lines triggers out-of-memory error
Moderate
CVE-2013-0183
was published
for
rack
(RubyGems)
Oct 24, 2017
RedCloth Cross-site Scripting vulnerability
Moderate
CVE-2012-6684
was published
for
redcloth
(RubyGems)
Oct 24, 2017
omniauth-oauth2 Cross-Site Request Forgery vulnerability
Moderate
CVE-2012-6134
was published
for
omniauth-oauth2
(RubyGems)
Oct 24, 2017
Spree Improper Input Validation vulnerability
Moderate
CVE-2013-1656
was published
for
spree
(RubyGems)
Oct 24, 2017
ldoce Gem Arbitrary Command Execution
Moderate
CVE-2013-1911
was published
for
ldoce
(RubyGems)
Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information
Moderate
CVE-2013-0284
was published
for
newrelic_rpm
(RubyGems)
Oct 24, 2017
activesupport Improper Input Validation vulnerability
Moderate
CVE-2013-1856
was published
for
activesupport
(RubyGems)
Oct 24, 2017
i18n gem Cross-site Scripting vulnerability
Moderate
CVE-2013-4492
was published
for
i18n
(RubyGems)
Oct 24, 2017
Wicked gem contains Path traversal vulnerability
Moderate
CVE-2013-4413
was published
for
wicked
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API