GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
paranoid2 gem Code backdoor
Critical
CVE-2019-13589
was published
for
paranoid2
(RubyGems)
Jul 16, 2019
Slanger Arbitrary command execution
Critical
CVE-2019-1010306
was published
for
slanger
(RubyGems)
Jul 16, 2019
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Critical
CVE-2019-13354
was published
for
strong_password
(RubyGems)
Jul 8, 2019
ruby-openid SSRF via claimed_id request
Critical
CVE-2019-11027
was published
for
ruby-openid
(RubyGems)
Jun 13, 2019
Bootstrap-sass contains code execution backdoor
Critical
CVE-2019-10842
was published
for
bootstrap-sass
(RubyGems)
Apr 4, 2019
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Critical
CVE-2019-5420
was published
for
railties
(RubyGems)
Mar 13, 2019
mysql-bunuuid-rails vulnerable to SQL injection
Critical
CVE-2018-18476
was published
for
mysql-binuuid-rails
(RubyGems)
Oct 30, 2018
smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature
Critical
CVE-2018-14643
was published
for
smart_proxy_dynflow
(RubyGems)
Oct 8, 2018
Rubyzip gem contains a Directory Traversal vulnerability in zip file component
Critical
CVE-2018-1000544
was published
for
rubyzip
(RubyGems)
Sep 6, 2018
Nokogiri does not forbid namespace nodes in XPointer ranges
Critical
CVE-2016-4658
was published
for
nokogiri
(RubyGems)
Aug 21, 2018
Git-fastclone passes user modifiable strings directly to a shell command
Critical
CVE-2015-8969
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
rest-client Gem Vulnerable to Session Fixation
Critical
CVE-2015-1820
was published
for
rest-client
(RubyGems)
Aug 13, 2018
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
restforce vulnerable to Improper Input Validation
Critical
CVE-2018-3777
was published
for
restforce
(RubyGems)
Aug 3, 2018
bson is vulnerable to denial of service due to incorrect regex validation
Critical
CVE-2015-4412
was published
for
bson
(RubyGems)
Mar 5, 2018
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
Recurly gem Server-Side Request Forgery in Resource#find method
Critical
CVE-2017-0905
was published
for
recurly
(RubyGems)
Dec 6, 2017
redis-store deserializes untrusted data
Critical
CVE-2017-1000248
was published
for
redis-store
(RubyGems)
Dec 6, 2017
rails vulnerable to improper authentication
Critical
CVE-2009-2422
was published
for
rails
(RubyGems)
Oct 24, 2017
Active Record contains deserialization of arbitrary YAML
Critical
CVE-2013-0277
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Creme Fraiche contains OS Command Injection
Critical
CVE-2013-2090
was published
for
cremefraiche
(RubyGems)
Oct 24, 2017
Shell Metacharacter Injection in kelredd-pruview
Critical
CVE-2013-1947
was published
for
kelredd-pruview
(RubyGems)
Oct 24, 2017
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
Critical
CVE-2013-1948
was published
for
md2pdf
(RubyGems)
Oct 24, 2017
colorscore Command Injection vulnerability
Critical
CVE-2015-7541
was published
for
colorscore
(RubyGems)
Oct 24, 2017
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API