GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Fat Free CRM subject to Cross-site Scripting
Moderate
CVE-2014-5441
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Loofah Cross-site Scripting vulnerability
Moderate
CVE-2018-16468
was published
for
loofah
(RubyGems)
Nov 1, 2018
Cross-site Scripting in Chartkick
Moderate
CVE-2019-12732
was published
for
chartkick
(RubyGems)
Jun 7, 2019
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7578
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
paperclip Cross-site Scripting vulnerability
Moderate
CVE-2015-2963
was published
for
paperclip
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7580
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2015-7579
was published
for
rails-html-sanitizer
(RubyGems)
Oct 24, 2017
Cross-site Scripting in Sidekiq
Moderate
CVE-2021-30151
was published
for
sidekiq
(RubyGems)
Oct 6, 2021
Cross-site scripting in padrino-contrib
Moderate
CVE-2019-16145
was published
for
padrino-contrib
(RubyGems)
Sep 23, 2019
radiant vulnerable to Cross-site Scripting
Moderate
CVE-2018-7261
was published
for
radiant
(RubyGems)
Jul 27, 2018
Camaleon CMS Stored Cross-site Scripting vulnerability
Moderate
CVE-2021-25969
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Ember.js Cross-site Scripting vulnerability
Moderate
CVE-2014-0013
was published
for
ember-source
(RubyGems)
May 14, 2022
Cross site scripting in publify
Moderate
CVE-2021-25974
was published
for
publify_core
(RubyGems)
May 24, 2022
Cross site scripting in publify
Moderate
CVE-2021-25975
was published
for
publify_core
(RubyGems)
May 24, 2022
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Moderate
CVE-2020-35305
was published
for
gollum
(RubyGems)
Jul 16, 2022
Radiant CMS vulnerable to Cross-site Scripting
Moderate
CVE-2018-5216
was published
for
radiant
(RubyGems)
Jan 6, 2018
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Moderate
CVE-2023-23627
was published
for
sanitize
(RubyGems)
Jan 28, 2023
rails-html-sanitizer Cross-site Scripting vulnerability
Moderate
CVE-2018-3741
was published
for
rails-html-sanitizer
(RubyGems)
Apr 26, 2018
Camaleon CMS vulnerable to Stored Cross-site Scripting
Moderate
CVE-2018-18260
was published
for
camaleon_cms
(RubyGems)
May 13, 2022
katello Cross-site Scripting vulnerability
Moderate
CVE-2018-16887
was published
for
katello
(RubyGems)
May 14, 2022
xapian-core Cross-site Scripting vulnerability
Moderate
CVE-2018-0499
was published
for
xapian-core
(RubyGems)
May 14, 2022
Gem in a Box vulnerable to Cross-site Scripting
Moderate
CVE-2017-14506
was published
for
geminabox
(RubyGems)
May 13, 2022
RubyGems Cross-site Scripting vulnerability
Moderate
CVE-2018-1000078
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
grape subject to Cross-site Scripting
Moderate
CVE-2018-3769
was published
for
grape
(RubyGems)
Aug 13, 2018
Geminabox contains Cross-site Scripting
Moderate
CVE-2017-16792
was published
for
geminabox
(RubyGems)
Nov 29, 2017
ProTip!
Advisories are also available from the
GraphQL API