GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Missing security headers in Action Pack on non-HTML responses
Moderate
CVE-2024-28103
was published
for
actionpack
(RubyGems)
Jun 4, 2024
avo possible unsafe reflection / partial DoS vulnerability
High
CVE-2023-34102
was published
for
avo
(RubyGems)
Jun 6, 2023
Publify Improper Input Validation vulnerability
Critical
CVE-2023-0299
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Moderate
CVE-2022-39281
was published
for
fat_free_crm
(RubyGems)
Oct 7, 2022
protobuf-java has a potential Denial of Service issue
Moderate
CVE-2022-3171
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Oct 4, 2022
papercrop does not properly handle crop input
Critical
CVE-2015-2784
was published
for
papercrop
(RubyGems)
May 24, 2022
openshift-origin-node Improper Input Validation vulnerability
Moderate
CVE-2014-0084
was published
for
openshift-origin-node
(RubyGems)
May 17, 2022
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed
Moderate
CVE-2013-4489
was published
for
gitlab-grit
(RubyGems)
May 17, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2015-4020
was published
for
rubygems-update
(RubyGems)
May 17, 2022
i18n Vulnerable to Denial of Service Attack
High
CVE-2014-10077
was published
for
i18n
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
High
CVE-2017-0900
was published
for
rubygems-update
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2018-1000077
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems may allow a maliciously crafted gem to overwrite files
High
CVE-2017-0901
was published
for
rubygems-update
(RubyGems)
May 13, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution
High
CVE-2015-3649
was published
for
open-uri-cached
(RubyGems)
May 13, 2022
Bundler may install gems from a different source than expected
Moderate
CVE-2013-0334
was published
for
bundler
(RubyGems)
May 5, 2022
PDFKit Improper Input Validation vulnerability
Critical
CVE-2013-1607
was published
for
pdfkit
(RubyGems)
May 5, 2022
RubyGems passenger gem allows remote attackers to delete files
High
CVE-2012-6135
was published
for
passenger
(RubyGems)
Apr 23, 2022
Remote shell execution vulnerability in image_processing
Critical
CVE-2022-24720
was published
for
image_processing
(RubyGems)
Mar 1, 2022
Moped Rubygem Data Injection Vulnerability
High
CVE-2015-4410
was published
for
moped
(RubyGems)
Aug 19, 2020
Ability to change order address without triggering address validations in solidus
Moderate
CVE-2020-15109
was published
for
solidus_api
(RubyGems)
Aug 4, 2020
Unsafe object creation in json RubyGem
High
CVE-2020-10663
was published
for
json
(RubyGems)
Jul 27, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
High
CVE-2020-8184
was published
for
rack
(RubyGems)
Jun 24, 2020
Denial of Service in uap-core when processing crafted User-Agent strings
Moderate
CVE-2020-5243
was published
for
uap-core
(RubyGems)
Feb 20, 2020
Improper Input Validation in simple_form
Critical
CVE-2019-16676
was published
for
simple_form
(RubyGems)
Sep 30, 2019
ProTip!
Advisories are also available from the
GraphQL API