GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,110
Erlang
29
GitHub Actions
19
Go
1,926
Maven
5,000+
npm
3,664
NuGet
642
pip
3,266
Pub
10
RubyGems
873
Rust
825
Swift
35
Unreviewed advisories
All unreviewed
5,000+
873 advisories
Filter by severity
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Decidim has a cross-site scripting vulnerability in the version control page
High
CVE-2024-41673
was published
for
decidim
(RubyGems)
Oct 1, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-75j2-9gmc-m855
was published
for
camaleon_cms
(RubyGems)
Sep 25, 2024
Heap-based Buffer Overflow in sqlite-vec
High
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-8fx8-3rg2-79xw
was published
for
camaleon_cms
(RubyGems)
Sep 23, 2024
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
High
GHSA-3hp8-6j24-m5gm
was published
for
camaleon_cms
(RubyGems)
Sep 23, 2024
HTTP Request Smuggling in ruby webrick
High
CVE-2024-47220
was published
for
webrick
(RubyGems)
Sep 22, 2024
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
protobuf-java has potential Denial of Service issue
High
CVE-2024-7254
was published
for
com.google.protobuf:protobuf-java
(RubyGems)
Sep 19, 2024
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
High
GHSA-7x4w-cj9r-h4v9
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
High
CVE-2024-46986
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
CVE-2024-8796
was published
for
devise-two-factor
(RubyGems)
Sep 17, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Moderate
CVE-2024-39910
was published
for
decidim
(RubyGems)
Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Moderate
CVE-2024-32034
was published
for
decidim-admin
(RubyGems)
Sep 16, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Critical
GHSA-cvp8-5r8g-fhvq
was published
for
omniauth-saml
(RubyGems)
Sep 11, 2024
SAML authentication bypass via Incorrect XPath selector
Critical
CVE-2024-45409
was published
for
ruby-saml
(RubyGems)
Sep 10, 2024
request_store has Incorrect Default Permissions
Moderate
CVE-2024-43791
was published
for
request_store
(RubyGems)
Aug 23, 2024
REXML denial of service vulnerability
Moderate
CVE-2024-43398
was published
for
rexml
(RubyGems)
Aug 22, 2024
fugit parse and parse_nat stall on lengthy input
Moderate
CVE-2024-43380
was published
for
fugit
(RubyGems)
Aug 19, 2024
Command Injection in sequenceserver
Critical
CVE-2024-42360
was published
for
sequenceserver
(RubyGems)
Aug 13, 2024
ProTip!
Advisories are also available from the
GraphQL API