GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Authentication Bypass by CSRF Weakness
Critical
GHSA-gpqc-4pp7-5954
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-8xfw-5q82-3652
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-6mqr-q86q-6gwr
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41275
was published
for
spree_auth_devise
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
GHSA-5629-8855-gf4g
was published
for
solidus_core
(RubyGems)
Nov 18, 2021
Authentication Bypass by CSRF Weakness
Critical
CVE-2021-41274
was published
for
solidus_auth_devise
(RubyGems)
Nov 18, 2021
Remote code execution in ruby-jss
Critical
CVE-2021-33575
was published
for
ruby-jss
(RubyGems)
Oct 6, 2021
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
Backdoor / Malicious code
Critical
GHSA-q2hm-gx3f-h63q
was published
for
lita-coin
(RubyGems)
Feb 23, 2021
•
withdrawn
Unintended read access in kramdown gem
Critical
CVE-2020-14001
was published
for
kramdown
(RubyGems)
Aug 7, 2020
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Critical
CVE-2020-8165
was published
for
activesupport
(RubyGems)
May 26, 2020
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
BibTeX-Ruby vulnerable to OS command injection
Critical
CVE-2019-10780
was published
for
bibtex-ruby
(RubyGems)
Feb 14, 2020
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions
Critical
CVE-2019-17383
was published
for
netaddr
(RubyGems)
Oct 14, 2019
Improper Input Validation in simple_form
Critical
CVE-2019-16676
was published
for
simple_form
(RubyGems)
Sep 30, 2019
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly
Critical
CVE-2019-16377
was published
for
consul
(RubyGems)
Sep 27, 2019
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
rest-client Gem Contains Malicious Code
Critical
CVE-2019-15224
was published
for
awesome-bot
(RubyGems)
Aug 20, 2019
Nokogiri Command Injection Vulnerability
Critical
CVE-2019-5477
was published
for
nokogiri
(RubyGems)
Aug 19, 2019
datagrid contains code Injection backdoor
Critical
CVE-2019-14281
was published
for
datagrid
(RubyGems)
Jul 31, 2019
Code backdoor in simple_captcha2
Critical
CVE-2019-14282
was published
for
simple_captcha2
(RubyGems)
Jul 31, 2019
SQL Injection in marginalia
Critical
CVE-2019-1010191
was published
for
marginalia
(RubyGems)
Jul 26, 2019
ProTip!
Advisories are also available from the
GraphQL API