Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,917 advisories

Loading
rails is vulnerable to CRLF injection Moderate
CVE-2008-5189 was published for rails (RubyGems) Oct 24, 2017
Cross-site Scripting vulnerability in i18n translations helper method Moderate
CVE-2011-4319 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Rails actionpack gem vulnerable to Cross-site Scripting Moderate
CVE-2011-0446 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
actionpack and activesupport vulnerable to information leaks Moderate
CVE-2009-3086 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Cross-site Scripting in actionpack Moderate
CVE-2012-1099 was published for actionpack (RubyGems) Oct 24, 2017
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request Moderate
CVE-2012-2694 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Cross-site Scripting vulnerability Moderate
CVE-2011-2931 was published for actionpack (RubyGems) Oct 24, 2017
Action Pack contains database-query restrictions bypass Moderate
CVE-2012-2660 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2011-3187 was published for actionpack (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2011-2932 was published for activesupport (RubyGems) Oct 24, 2017
actionpack Improper Input Validation vulnerability Moderate
CVE-2011-2929 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-1098 was published for activesupport (RubyGems) Oct 24, 2017
WEBrick Improper Input Validation vulnerability Moderate
CVE-2009-4492 was published for webrick (RubyGems) Oct 24, 2017
G-Rath
Cocaine Gem OS Command Injection vulnerability Moderate
CVE-2013-4457 was published for cocaine (RubyGems) Oct 24, 2017
Devise does not properly perform type conversion when performing database queries Moderate
CVE-2013-0233 was published for devise (RubyGems) Oct 24, 2017
Rack rubygems receiving excessively long lines triggers out-of-memory error Moderate
CVE-2013-0183 was published for rack (RubyGems) Oct 24, 2017
RedCloth Cross-site Scripting vulnerability Moderate
CVE-2012-6684 was published for redcloth (RubyGems) Oct 24, 2017
oliverchang
omniauth-oauth2 Cross-Site Request Forgery vulnerability Moderate
CVE-2012-6134 was published for omniauth-oauth2 (RubyGems) Oct 24, 2017
Spree Improper Input Validation vulnerability Moderate
CVE-2013-1656 was published for spree (RubyGems) Oct 24, 2017
ldoce Gem Arbitrary Command Execution Moderate
CVE-2013-1911 was published for ldoce (RubyGems) Oct 24, 2017
newrelic_rpm Gem Discloses Sensitive Information Moderate
CVE-2013-0284 was published for newrelic_rpm (RubyGems) Oct 24, 2017
activesupport Improper Input Validation vulnerability Moderate
CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017
i18n gem Cross-site Scripting vulnerability Moderate
CVE-2013-4492 was published for i18n (RubyGems) Oct 24, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API