GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Server-Side Template Injection in Camaleon CMS
Critical
CVE-2023-30145
was published
for
camaleon_cms
(RubyGems)
May 26, 2023
Code injection in pdf_info
Critical
CVE-2022-36231
was published
for
pdf_info
(RubyGems)
Feb 24, 2023
ruby-git has potential remote code execution vulnerability
High
CVE-2022-46648
was published
for
git
(RubyGems)
Jan 9, 2023
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Critical
CVE-2019-17268
was published
for
omniauth-weibo-oauth2
(RubyGems)
May 24, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4478
was published
for
sup
(RubyGems)
May 17, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4479
was published
for
sup
(RubyGems)
May 17, 2022
Publify vulnerable to code injection
Moderate
CVE-2022-0578
was published
for
publify_core
(RubyGems)
May 17, 2022
Bundler allows attacker to inject arbitrary code via secondary Gem source
Critical
CVE-2016-7954
was published
for
bundler
(RubyGems)
May 14, 2022
RubyGems Code Injection vulnerability
Critical
CVE-2017-0899
was published
for
rubygems-update
(RubyGems)
May 13, 2022
Possible code injection vulnerability in Rails / Active Storage
Critical
CVE-2022-21831
was published
for
activestorage
(RubyGems)
Mar 8, 2022
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
Code Injection vulnerability in CarrierWave::RMagick
High
CVE-2021-21305
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
Remote code execution via user-provided local names in ActionView
High
CVE-2020-8163
was published
for
actionview
(RubyGems)
Jul 7, 2020
rest-client Gem Contains Malicious Code
Critical
CVE-2019-15224
was published
for
awesome-bot
(RubyGems)
Aug 20, 2019
datagrid contains code Injection backdoor
Critical
CVE-2019-14281
was published
for
datagrid
(RubyGems)
Jul 31, 2019
Code backdoor in simple_captcha2
Critical
CVE-2019-14282
was published
for
simple_captcha2
(RubyGems)
Jul 31, 2019
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Critical
CVE-2019-13354
was published
for
strong_password
(RubyGems)
Jul 8, 2019
Code injection in RubyGems
High
CVE-2019-8324
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Bootstrap-sass contains code execution backdoor
Critical
CVE-2019-10842
was published
for
bootstrap-sass
(RubyGems)
Apr 4, 2019
actionpack CRLF injection vulnerability
Moderate
CVE-2011-3186
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API