Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,467
Erlang
33
GitHub Actions
23
Go
2,172
Maven
5,000+
npm
3,832
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
907
Swift
38
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
Server-Side Template Injection in Camaleon CMS Critical
CVE-2023-30145 was published for camaleon_cms (RubyGems) May 26, 2023
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
Bundler allows attacker to inject arbitrary code via secondary Gem source Critical
CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022
RubyGems Code Injection vulnerability Critical
CVE-2017-0899 was published for rubygems-update (RubyGems) May 13, 2022
Possible code injection vulnerability in Rails / Active Storage Critical
CVE-2022-21831 was published for activestorage (RubyGems) Mar 8, 2022
sergey-alekseev
Dragonfly contains remote code execution vulnerability Critical
CVE-2021-33564 was published for dragonfly (RubyGems) Jun 2, 2021
rest-client Gem Contains Malicious Code Critical
CVE-2019-15224 was published for awesome-bot (RubyGems) Aug 20, 2019
datagrid contains code Injection backdoor Critical
CVE-2019-14281 was published for datagrid (RubyGems) Jul 31, 2019
Code backdoor in simple_captcha2 Critical
CVE-2019-14282 was published for simple_captcha2 (RubyGems) Jul 31, 2019
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability Critical
CVE-2019-13354 was published for strong_password (RubyGems) Jul 8, 2019
Bootstrap-sass contains code execution backdoor Critical
CVE-2019-10842 was published for bootstrap-sass (RubyGems) Apr 4, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database