GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

168 advisories

katello Cross-site Scripting vulnerability Moderate
CVE-2018-16887 was published for katello (RubyGems) May 14, 2022
RubyGems Cross-site Scripting vulnerability Moderate
CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Gem in a Box vulnerable to Cross-site Scripting Moderate
CVE-2017-14506 was published for geminabox (RubyGems) May 13, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof Churro tdunlap607 jenhae
Camaleon CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2018-18260 was published for camaleon_cms (RubyGems) May 13, 2022
XSS Vulnerability in Action View tag helpers Moderate
CVE-2022-27777 was published for actionview (RubyGems) Apr 27, 2022
N3uRaL4Ca5t
Cross-site Scripting Vulnerability in Action Pack Moderate
CVE-2022-22577 was published for actionpack (RubyGems) Apr 27, 2022
tdunlap607
Cross site scripting in actionpack Rubygem Moderate
CVE-2011-1497 was published for actionpack (RubyGems) Apr 22, 2022
jhutchings1 jasnow
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component High
CVE-2022-24722 was published for view_component (RubyGems) Mar 2, 2022
XSS in `*Text` options of the Datepicker widget in jquery-ui Moderate
CVE-2021-41183 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
XSS in the `of` option of the `.position()` util in jquery-ui Moderate
CVE-2021-41184 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena A-Fitz-Nelnet
XSS in the `altField` option of the Datepicker widget in jquery-ui Moderate
CVE-2021-41182 was published for jQuery.UI.Combined (RubyGems) Oct 26, 2021
esbena
Cross-site Scripting in Sidekiq Moderate
CVE-2021-30151 was published for sidekiq (RubyGems) Oct 6, 2021
Cross-Site Scripting in Qiita-Markdown Moderate
CVE-2021-28796 was published for qiita-markdown (RubyGems) Aug 2, 2021
qiita-markdown Cross-site Scripting vulnerability Moderate
CVE-2021-28833 was published for qiita-markdown (RubyGems) Aug 2, 2021
tdunlap607
Gon gem lack of escaping certain input when outputting as JSON Moderate
CVE-2020-25739 was published for gon (RubyGems) Apr 30, 2021
Cross-site scripting in actionpack Moderate
CVE-2020-8264 was published for actionpack (RubyGems) Apr 7, 2021
rails_admin ruby gem XSS vulnerability Moderate
CVE-2020-36190 was published for rails_admin (RubyGems) Jan 14, 2021
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
XSS in Action View Moderate
CVE-2020-15169 was published for actionview (RubyGems) Sep 11, 2020
jonathanhefner
Cross-Site Scripting in jquery Moderate
CVE-2012-6708 was published for jQuery (RubyGems) Sep 1, 2020
klaudialax
Cross-site Scripting in Sanitize High
CVE-2020-4054 was published for sanitize (RubyGems) Jun 16, 2020
Cross-Site Scripting in Kaminari Moderate
CVE-2020-11082 was published for kaminari (RubyGems) May 28, 2020
viseztrance sonalkr132
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for jQuery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax