Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
2,891
Erlang
24
GitHub Actions
39
Go
2,240
Maven
2,698
npm
2,899
NuGet
500
pip
2,728
Pub
5
RubyGems
364
Rust
889
Swift
19
Unreviewed advisories
All unreviewed
5,000+

364 advisories

Loading
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service Moderate
GHSA-4qw4-jpp4-8gvp was published for commonmarker (RubyGems) Sep 21, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint High
GHSA-qcqv-38jg-2r43 was published for pageflow (RubyGems) Sep 15, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection High
GHSA-wrrw-crp8-979q was published for pageflow (RubyGems) Sep 15, 2022
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon Credited to dgollahon
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
Publify Improper Input Validation vulnerability Critical
CVE-2023-0299 was published for publify_core (RubyGems) Jan 14, 2023
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate
GHSA-636f-xm5j-pj9m was published for commonmarker (RubyGems) Jan 24, 2023
Integer overflow in publify_core Critical
CVE-2022-1812 was published for publify_core (RubyGems) Jan 14, 2023
ldap_fluff authentication bypass Moderate
CVE-2012-5604 was published for ldap_fluff (RubyGems) May 14, 2022
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
Phusion Passenger information disclosure Moderate
CVE-2017-16355 was published for passenger (RubyGems) May 13, 2022
jhutchings1 Credited to jhutchings1
Cross site scripting in publify Moderate
CVE-2021-25974 was published for publify_core (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25975 was published for publify_core (RubyGems) May 24, 2022
Octokit gem published with world-writable files Low
CVE-2022-31072 was published for octokit (RubyGems) Jun 15, 2022
Arbitrary file write in dragonfly Critical
CVE-2021-33473 was published for dragonfly (RubyGems) Jun 3, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) Low
CVE-2022-39379 was published for fluentd (RubyGems) Nov 2, 2022
p- Credited to p-
PgHero Allows Information Disclosure Through EXPLAIN Feature High
CVE-2023-22626 was published for pghero (RubyGems) Jan 5, 2023
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value Critical
CVE-2020-36599 was published for omniauth (RubyGems) Aug 19, 2022
gsimoesr Credited to gsimoesr
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm. High
CVE-2022-39224 was published for arr-pm (RubyGems) Sep 21, 2022
joernchen Credited to joernchen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database