GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,096
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
892 advisories
Filter by severity
Publify vulnerable to DoS attack
High
CVE-2014-3211
was published
for
publify_core
(RubyGems)
May 17, 2022
openshift-origin-node Improper Input Validation vulnerability
Moderate
CVE-2014-0084
was published
for
openshift-origin-node
(RubyGems)
May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes
Moderate
CVE-2008-7310
was published
for
spree
(RubyGems)
May 17, 2022
Spree uses a hardcoded hash value
Moderate
CVE-2008-7311
was published
for
spree
(RubyGems)
May 17, 2022
Chef Improper Access Control vulnerability
Moderate
CVE-2010-5142
was published
for
chef
(RubyGems)
May 17, 2022
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
Moderate
CVE-2013-2506
was published
for
spree_auth_devise
(RubyGems)
May 17, 2022
Katello uses hard coded credential
Critical
CVE-2012-3503
was published
for
katello
(RubyGems)
May 17, 2022
Rack-Cache caches sensitive headers
Moderate
CVE-2012-2671
was published
for
rack-cache
(RubyGems)
May 17, 2022
Rack Gem Subject to Denial of Service via Hash Collisions
Moderate
CVE-2011-5036
was published
for
org.jruby:jruby-parent
(RubyGems)
May 17, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4478
was published
for
sup
(RubyGems)
May 17, 2022
Fat Free CRM has fixed token value
Moderate
CVE-2013-7222
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Moderate
CVE-2013-7224
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information
Moderate
CVE-2013-7249
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerablilities
Moderate
CVE-2013-7223
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to SQL Injection
Moderate
CVE-2013-7225
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
RubyGems HTTPS to HTTP redirect
Moderate
CVE-2012-2125
was published
for
rubygems-update
(RubyGems)
May 17, 2022
RubyGems does not verify SSL certificate
Moderate
CVE-2012-2126
was published
for
rubygems-update
(RubyGems)
May 17, 2022
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Low
CVE-2014-0135
was published
for
kafo
(RubyGems)
May 17, 2022
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed
Moderate
CVE-2013-4489
was published
for
gitlab-grit
(RubyGems)
May 17, 2022
Fat Free CRM subject to Cross-site Scripting
Moderate
CVE-2014-5441
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4479
was published
for
sup
(RubyGems)
May 17, 2022
Karteek Docsplit vulnerable to OS Command Injection
High
CVE-2013-1933
was published
for
karteek-docsplit
(RubyGems)
May 17, 2022
ccsv Double Free vulnerability
Moderate
CVE-2017-15364
was published
for
ccsv
(RubyGems)
May 17, 2022
RubyGems Regular Expression Denial of Service
Moderate
CVE-2013-4363
was published
for
rubygems-update
(RubyGems)
May 17, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2015-4020
was published
for
rubygems-update
(RubyGems)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API