Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

105 advisories

Loading
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
papercrop does not properly handle crop input Critical
CVE-2015-2784 was published for papercrop (RubyGems) May 24, 2022
Publify vulnerable to cross site scripting Critical
CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022
Katello uses hard coded credential Critical
CVE-2012-3503 was published for katello (RubyGems) May 17, 2022
postmodern
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability Critical
CVE-2018-12026 was published for passenger (RubyGems) May 14, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability Critical
CVE-2018-1000076 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Bundler allows attacker to inject arbitrary code via secondary Gem source Critical
CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022
Ruby Openssl Allows Incorrect Value Comparison Critical
CVE-2018-16395 was published for openssl (RubyGems) May 13, 2022
postmodern
RubyGems vulnerable to Deserialization of Untrusted Data Critical
CVE-2017-0903 was published for rubygems-update (RubyGems) May 13, 2022
RubyGems Code Injection vulnerability Critical
CVE-2017-0899 was published for rubygems-update (RubyGems) May 13, 2022
Nokogiri vulnerable to libxslt protection mechanism bypass Critical
CVE-2019-11068 was published for nokogiri (RubyGems) May 13, 2022
smalruby and smalruby-editor vulnerable to OS Command Injection Critical
CVE-2017-2096 was published for smalruby (RubyGems) May 13, 2022
Fluentd Escape Sequence Injection Vulnerability Critical
CVE-2017-10906 was published for fluentd (RubyGems) May 13, 2022
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
PDFKit Improper Input Validation vulnerability Critical
CVE-2013-1607 was published for pdfkit (RubyGems) May 5, 2022
RubyGem openshift-origin-controller is vulnerable to command injection Critical
CVE-2013-2095 was published for openshift-origin-controller (RubyGems) May 5, 2022
CSV-Safe improperly filters special characters potentially leading to CSV injection Critical
CVE-2022-28481 was published for csv-safe (RubyGems) May 3, 2022
Server side request forgery in gibbon Critical
CVE-2022-27311 was published for gibbon (RubyGems) Apr 26, 2022
Plsr
Command injection in ruby-git Critical
CVE-2022-25648 was published for git (RubyGems) Apr 20, 2022
Command Injection vulnerability in asciidoctor-include-ext Critical
CVE-2022-24803 was published for asciidoctor-include-ext (RubyGems) Mar 31, 2022
joernchen
Puma vulnerable to HTTP Request Smuggling Critical
CVE-2022-24790 was published for puma (RubyGems) Mar 30, 2022
zeyu2001
Possible code injection vulnerability in Rails / Active Storage Critical
CVE-2022-21831 was published for activestorage (RubyGems) Mar 8, 2022
sergey-alekseev
Remote shell execution vulnerability in image_processing Critical
CVE-2022-24720 was published for image_processing (RubyGems) Mar 1, 2022
Buffer overrun in CGI.escape_html Critical
CVE-2021-41816 was published for cgi (RubyGems) Dec 14, 2021
kir-b
ProTip! Advisories are also available from the GraphQL API