Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

890 advisories

Loading
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53989 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53987 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53988 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53986 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations Low
CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers Low
CVE-2024-52796 was published for pwpush (RubyGems) Nov 20, 2024
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds Moderate
CVE-2024-45594 was published for decidim-meetings (RubyGems) Nov 13, 2024
whotwagner
Decidim-Awesome has SQL injection in AdminAccountability High
CVE-2024-43415 was published for decidim-decidim_awesome (RubyGems) Nov 12, 2024
whotwagner
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision Moderate
CVE-2024-21510 was published for sinatra (RubyGems) Nov 1, 2024
ThomasKoppensteiner
MPXJ has a Potential Path Traversal Vulnerability Moderate
CVE-2024-49771 was published for MPXJ.Net (RubyGems) Oct 28, 2024
REXML ReDoS vulnerability Moderate
CVE-2024-49761 was published for rexml (RubyGems) Oct 28, 2024
Autolab Misconfigured Reset Password Permissions High
CVE-2024-49376 was published for Autolab (RubyGems) Oct 25, 2024
HenryHuang2004
camaleon_cms affected by cross site scripting Moderate
CVE-2024-48652 was published for camaleon_cms (RubyGems) Oct 23, 2024
Possible ReDoS vulnerability in block_format in Action Mailer Moderate
CVE-2024-47889 was published for actionmailer (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text Moderate
CVE-2024-47888 was published for actiontext (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller Moderate
CVE-2024-47887 was published for actionpack (RubyGems) Oct 15, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Moderate
CVE-2024-41128 was published for actionpack (RubyGems) Oct 15, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`) High
CVE-2024-46977 was published for openc3 (RubyGems) Oct 2, 2024
p-
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) Moderate
CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
Decidim has a cross-site scripting vulnerability in the version control page High
CVE-2024-41673 was published for decidim (RubyGems) Oct 1, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-75j2-9gmc-m855 was published for camaleon_cms (RubyGems) Sep 25, 2024
Heap-based Buffer Overflow in sqlite-vec High
CVE-2024-46488 was published for sqlite-vec (RubyGems) Sep 25, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-8fx8-3rg2-79xw was published for camaleon_cms (RubyGems) Sep 23, 2024
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-3hp8-6j24-m5gm was published for camaleon_cms (RubyGems) Sep 23, 2024
ProTip! Advisories are also available from the GraphQL API