GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,393
Composer 3,971
Erlang 29
GitHub Actions 16
Go 1,752
Maven 4,982
npm 3,516
NuGet 609
pip 3,091
Pub 10
RubyGems 833
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,649

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

833 advisories

Filter by severity

Sort by

Least recently updated

Duplicate Advisory: ActiveAdmin vulnerable to CSV injection High

GHSA-rqxc-9p8h-xqgq was published for activeadmin (RubyGems) Dec 24, 2023 • withdrawn

Resque vulnerable to Reflected Cross Site Scripting through pathnames Moderate

CVE-2023-50724 was published for resque (RubyGems) Dec 18, 2023

Resque vulnerable to reflected XSS in resque-web failed and queues lists Moderate

CVE-2023-50725 was published for resque (RubyGems) Dec 18, 2023

Resque vulnerable to reflected XSS in Queue Endpoint Moderate

CVE-2023-50727 was published for resque (RubyGems) Dec 18, 2023

Resque Scheduler Reflected XSS In Delayed Jobs View Moderate

CVE-2022-44303 was published for resque-scheduler (RubyGems) Dec 18, 2023

Potential CSV export data leak High

CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023

pubnub Insufficient Entropy vulnerability Moderate

CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023

CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS Moderate

CVE-2023-49090 was published for carrierwave (RubyGems) Nov 29, 2023

memory leak flaw was found in ruby-magick Moderate

CVE-2023-5349 was published for rmagick (RubyGems) Oct 30, 2023

encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs High

CVE-2024-0241 was published for encoded_id-rails (RubyGems) Oct 24, 2023

svg_optimizer rubygem external XML entity (XXE) vulnerability Moderate

CVE-2023-46035 was published for svg_optimizer (RubyGems) Oct 20, 2023

Puppet Bolt privilege escalation vulnerability Critical

CVE-2023-5214 was published for bolt (RubyGems) Oct 6, 2023

geokit-rails Command Injection vulnerability Critical

CVE-2023-26153 was published for geokit-rails (RubyGems) Oct 6, 2023

Decidim has broken access control in templates High

CVE-2023-36465 was published for decidim (RubyGems) Oct 5, 2023

Foreman Transpilation Enables OS Command Injection Critical

CVE-2022-3874 was published for foreman (RubyGems) Sep 22, 2023 • withdrawn

sidekiq Denial of Service vulnerability Moderate

CVE-2023-26141 was published for sidekiq (RubyGems) Sep 14, 2023

Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms) High

CVE-2023-4785 was published for grpc (RubyGems) Sep 13, 2023

Active Support Possibly Discloses Locally Encrypted Files Low

CVE-2023-38037 was published for activesupport (RubyGems) Aug 23, 2023

Puma HTTP Request/Response Smuggling vulnerability Critical

CVE-2023-40175 was published for puma (RubyGems) Aug 18, 2023

Several quadratic complexity bugs may lead to denial of service in Commonmarker Moderate

GHSA-7vh7-fw88-wj87 was published for commonmarker (RubyGems) Aug 8, 2023

protocol-http1 HTTP Request/Response Smuggling vulnerability Moderate

CVE-2023-38697 was published for protocol-http1 (RubyGems) Aug 3, 2023

rswag vulnerable to arbitrary JSON and YAML file read via directory traversal High

CVE-2023-38337 was published for rswag (RubyGems) Jul 15, 2023

Decidim Cross-site Scripting vulnerability in the external link redirections Moderate

CVE-2023-32693 was published for decidim (RubyGems) Jul 11, 2023

Decidim Cross-site Scripting vulnerability in the processes filter High

CVE-2023-34089 was published for decidim (RubyGems) Jul 11, 2023

Decidim vulnerable to sensitive data disclosure High

CVE-2023-34090 was published for decidim (RubyGems) Jul 11, 2023

Previous 1 2 3 4 5 … 33 34 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

833 advisories