Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,781
Erlang
36
GitHub Actions
29
Go
2,345
Maven
5,000+
npm
3,976
NuGet
719
pip
3,772
Pub
12
RubyGems
923
Rust
980
Swift
38
Unreviewed advisories
All unreviewed
5,000+

439 advisories

Loading
Publify contains Weak Password Requirements Moderate
CVE-2023-0569 was published for publify_core (RubyGems) Jan 29, 2023
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2018-3741 was published for rails-html-sanitizer (RubyGems) Apr 26, 2018
sprockets vulnerable to Path Traversal Moderate
CVE-2014-7819 was published for sprockets (RubyGems) Oct 24, 2017
Camaleon CMS vulnerable to Server-Side Request Forgery Moderate
CVE-2021-25972 was published for camaleon_cms (RubyGems) May 24, 2022
Camaleon CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2018-18260 was published for camaleon_cms (RubyGems) May 13, 2022
Camaleon CMS vulnerable to Uncaught Exception Moderate
CVE-2021-25971 was published for camaleon_cms (RubyGems) May 24, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
administrate vulnerable to Cross-Site Request Forgery Moderate
CVE-2016-3098 was published for administrate (RubyGems) Aug 6, 2022
katello Cross-site Scripting vulnerability Moderate
CVE-2018-16887 was published for katello (RubyGems) May 14, 2022
xapian-core Cross-site Scripting vulnerability Moderate
CVE-2018-0499 was published for xapian-core (RubyGems) May 14, 2022
ccsv Double Free vulnerability Moderate
CVE-2017-15364 was published for ccsv (RubyGems) May 17, 2022
Rack vulnerable to Denial of Service Moderate
CVE-2013-0184 was published for rack (RubyGems) May 5, 2022
Gem in a Box vulnerable to Cross-site Scripting Moderate
CVE-2017-14506 was published for geminabox (RubyGems) May 13, 2022
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Improper Input Validation vulnerability Moderate
CVE-2018-1000077 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Cross-site Scripting vulnerability Moderate
CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Doorkeeper-openid_connect contains Open Redirect Moderate
CVE-2019-9837 was published for doorkeeper-openid_connect (RubyGems) Mar 25, 2019
Gollum Exposure of Sensitive Information Moderate
CVE-2015-7314 was published for gollum (RubyGems) Aug 28, 2018
grape subject to Cross-site Scripting Moderate
CVE-2018-3769 was published for grape (RubyGems) Aug 13, 2018
Geminabox contains Cross-site Scripting Moderate
CVE-2017-16792 was published for geminabox (RubyGems) Nov 29, 2017
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails Moderate
CVE-2014-4920 was published for twitter-bootstrap-rails (RubyGems) Mar 16, 2023
apollo_upload_server has Denial of Service vulnerability Moderate
CVE-2021-39880 was published for apollo_upload_server (RubyGems) May 24, 2022
jasnow
Content Injection via TileJSON Name in mapbox.js Moderate
CVE-2017-1000043 was published for mapbox-rails (RubyGems) Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js Moderate
CVE-2017-1000042 was published for mapbox-rails (RubyGems) Nov 9, 2018
qiita-markdown Cross-site Scripting vulnerability Moderate
CVE-2021-28833 was published for qiita-markdown (RubyGems) Aug 2, 2021
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database