Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

892 advisories

Loading
ReDoS based DoS vulnerability in Active Support's underscore Low
CVE-2023-22796 was published for activesupport (RubyGems) Jan 18, 2023
robertoz-01 postmodern
G-Rath
Open Redirect Vulnerability in Action Pack Moderate
CVE-2023-22797 was published for actionpack (RubyGems) Jan 18, 2023
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter High
CVE-2022-44566 was published for activerecord (RubyGems) Jan 18, 2023
robertoz-01 aviyam181199
G-Rath
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22795 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 esparta
SQL Injection Vulnerability via ActiveRecord comments High
CVE-2023-22794 was published for activerecord (RubyGems) Jan 18, 2023
kurt-r2c
Denial of service via header parsing in Rack High
CVE-2022-44570 was published for rack (RubyGems) Jan 18, 2023
Denial of service via multipart parsing in Rack Low
CVE-2022-44572 was published for rack (RubyGems) Jan 18, 2023
ReDoS based DoS vulnerability in GlobalID Low
CVE-2023-22799 was published for globalid (RubyGems) Jan 18, 2023
tdunlap607
Sisimai Inefficient Regular Expression Complexity vulnerability Moderate
CVE-2022-4891 was published for sisimai (RubyGems) Jan 17, 2023
Code injection in ruby git High
CVE-2022-47318 was published for git (RubyGems) Jan 17, 2023
curupira is vulnerable to SQL injection Critical
CVE-2015-10053 was published for curupira (RubyGems) Jan 16, 2023
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
ruby-git has potential remote code execution vulnerability High
CVE-2022-46648 was published for git (RubyGems) Jan 9, 2023
Inline SVG vulnerable to Cross-site Scripting Moderate
CVE-2020-36644 was published for inline_svg (RubyGems) Jan 7, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature High
CVE-2023-22626 was published for pghero (RubyGems) Jan 5, 2023
httparty has multipart/form-data request tampering vulnerability Moderate
CVE-2024-22049 was published for httparty (RubyGems) Jan 3, 2023
motoyasu-saburi
keynote Cross-site Scripting vulnerability Moderate
CVE-2017-20159 was published for keynote (RubyGems) Dec 31, 2022
Oxidized Web vulnerable to Cross-site Scripting Moderate
CVE-2019-25088 was published for oxidized-web (RubyGems) Dec 27, 2022
text_helpers uses web link to untrusted target with window.opener access Moderate
CVE-2020-36624 was published for text_helpers (RubyGems) Dec 22, 2022
active_attr Improper Resource Shutdown or Release vulnerability High
CVE-2021-4250 was published for active_attr (RubyGems) Dec 19, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23520 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Moderate
CVE-2022-23519 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Moderate
CVE-2022-23518 was published for rails-html-sanitizer (RubyGems) Dec 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database