Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

424 advisories

Loading
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 Moderate
GHSA-xc9x-jj77-9p9j was published for nokogiri (RubyGems) Feb 5, 2024
yoshizawa-masatoshi lumaxis
Cross-site scripting (XSS) in Action messages on Avo Moderate
CVE-2024-22411 was published for avo (RubyGems) Jan 17, 2024
stevegeek tamaloa
Devise-Two-Factor vulnerable to brute force attacks Moderate
CVE-2024-0227 was published for devise-two-factor (RubyGems) Jan 12, 2024 withdrawn
bsedat
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
bartekn
view_component Cross-site Scripting vulnerability Moderate
CVE-2024-21636 was published for view_component (RubyGems) Jan 4, 2024
BlakeWilliams camertron
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability Moderate
GHSA-g47j-3m2m-74qv was published for httparty (RubyGems) Jan 4, 2024 withdrawn
ActiveAdmin CSV Injection leading to sensitive information disclosure Moderate
CVE-2023-51763 was published for activeadmin (RubyGems) Dec 28, 2023
Resque vulnerable to Reflected Cross Site Scripting through pathnames Moderate
CVE-2023-50724 was published for resque (RubyGems) Dec 18, 2023
brianvans 0977732077
Resque vulnerable to reflected XSS in resque-web failed and queues lists Moderate
CVE-2023-50725 was published for resque (RubyGems) Dec 18, 2023
madslundholmdk
Resque vulnerable to reflected XSS in Queue Endpoint Moderate
CVE-2023-50727 was published for resque (RubyGems) Dec 18, 2023
priya-hinduja PatrickTulskie
Resque Scheduler Reflected XSS In Delayed Jobs View Moderate
CVE-2022-44303 was published for resque-scheduler (RubyGems) Dec 18, 2023
jchristman PatrickTulskie
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS Moderate
CVE-2023-49090 was published for carrierwave (RubyGems) Nov 29, 2023
a-zara-n
memory leak flaw was found in ruby-magick Moderate
CVE-2023-5349 was published for rmagick (RubyGems) Oct 30, 2023
svg_optimizer rubygem external XML entity (XXE) vulnerability Moderate
CVE-2023-46035 was published for svg_optimizer (RubyGems) Oct 20, 2023
sidekiq Denial of Service vulnerability Moderate
CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023
wwahammy kflavin
martingregoire
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-7vh7-fw88-wj87 was published for commonmarker (RubyGems) Aug 8, 2023
protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate
CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023
mukeran chenjj
ioquatix
Decidim Cross-site Scripting vulnerability in the external link redirections Moderate
CVE-2023-32693 was published for decidim (RubyGems) Jul 11, 2023
p- alecslupu
ahukkanen andreslucena
gRPC connection termination issue Moderate
CVE-2023-32732 was published for grpc (RubyGems) Jul 6, 2023
jonasfj
URI gem has ReDoS vulnerability Moderate
CVE-2023-36617 was published for uri (RubyGems) Jun 29, 2023
jasnow maxfelsher-cgi
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to Moderate
CVE-2023-28362 was published for actionpack (RubyGems) Jun 29, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Doorkeeper Improper Authentication vulnerability Moderate
CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023
hickford rgammans
adam-h nbudin nbulaj
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements Moderate
CVE-2023-23913 was published for actionview (RubyGems) Jun 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database