GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,282
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
892 advisories
Filter by severity
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Moderate
CVE-2024-56733
was published
for
pwpush
(RubyGems)
Dec 30, 2024
Possible Content Security Policy bypass in Action Dispatch
Low
CVE-2024-54133
was published
for
actionpack
(RubyGems)
Dec 10, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53989
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53987
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53988
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53986
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations
Low
CVE-2024-53985
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers
Low
CVE-2024-52796
was published
for
pwpush
(RubyGems)
Nov 20, 2024
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Moderate
CVE-2024-45594
was published
for
decidim-meetings
(RubyGems)
Nov 13, 2024
Decidim-Awesome has SQL injection in AdminAccountability
High
CVE-2024-43415
was published
for
decidim-decidim_awesome
(RubyGems)
Nov 12, 2024
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Moderate
CVE-2024-21510
was published
for
sinatra
(RubyGems)
Nov 1, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
Autolab Misconfigured Reset Password Permissions
High
CVE-2024-49376
was published
for
Autolab
(RubyGems)
Oct 25, 2024
camaleon_cms affected by cross site scripting
Moderate
CVE-2024-48652
was published
for
camaleon_cms
(RubyGems)
Oct 23, 2024
Possible ReDoS vulnerability in block_format in Action Mailer
Moderate
CVE-2024-47889
was published
for
actionmailer
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Moderate
CVE-2024-47888
was published
for
actiontext
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Moderate
CVE-2024-47887
was published
for
actionpack
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Moderate
CVE-2024-41128
was published
for
actionpack
(RubyGems)
Oct 15, 2024
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
High
CVE-2024-46977
was published
for
openc3
(RubyGems)
Oct 2, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Decidim has a cross-site scripting vulnerability in the version control page
High
CVE-2024-41673
was published
for
decidim
(RubyGems)
Oct 1, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-75j2-9gmc-m855
was published
for
camaleon_cms
(RubyGems)
Sep 25, 2024
Heap-based Buffer Overflow in sqlite-vec
High
CVE-2024-46488
was published
for
sqlite-vec
(RubyGems)
Sep 25, 2024
ProTip!
Advisories are also available from the
GraphQL API