GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
293 advisories
Filter by severity
Insecure PRNG use in random_password_generator
High
CVE-2019-25061
was published
for
random_password_generator
(RubyGems)
May 19, 2022
Integer Overflow or Wraparound in libxml2 affects Nokogiri
High
GHSA-cgx6-hpwq-fhv5
was published
for
nokogiri
(RubyGems)
May 18, 2022
Publify vulnerable to DoS attack
High
CVE-2014-3211
was published
for
publify_core
(RubyGems)
May 17, 2022
Karteek Docsplit vulnerable to OS Command Injection
High
CVE-2013-1933
was published
for
karteek-docsplit
(RubyGems)
May 17, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability
High
CVE-2014-4993
was published
for
backup-agoddard
(RubyGems)
May 14, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure
High
CVE-2014-4991
was published
for
codders-dataset
(RubyGems)
May 14, 2022
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
High
CVE-2014-4995
was published
for
VladTheEnterprising
(RubyGems)
May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process
High
CVE-2014-4997
was published
for
point-cli
(RubyGems)
May 14, 2022
kajam allows local users to obtain sensitive information by listing the process
High
CVE-2014-4999
was published
for
kajam
(RubyGems)
May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process
High
CVE-2014-4998
was published
for
lean-ruport
(RubyGems)
May 14, 2022
Echor Ruby Gem credentials can be stolen via process table monitoring
High
CVE-2014-1835
was published
for
echor
(RubyGems)
May 14, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
High
CVE-2017-15412
was published
for
nokogiri
(RubyGems)
May 14, 2022
Ruby OpenSSL DoS Vulnerability
High
CVE-2017-14033
was published
for
openssl
(RubyGems)
May 14, 2022
i18n Vulnerable to Denial of Service Attack
High
CVE-2014-10077
was published
for
i18n
(RubyGems)
May 14, 2022
Fileutils Command Injection vulnerability
High
CVE-2013-2516
was published
for
fileutils
(RubyGems)
May 14, 2022
Phusion Passenger Race Condition Allows Privilege Escalation
High
CVE-2018-12029
was published
for
passenger
(RubyGems)
May 14, 2022
Katello SQL Injection vulnerabilities
High
CVE-2016-3072
was published
for
katello
(RubyGems)
May 14, 2022
RubyGems vulnerable to DNS hijack attack
High
CVE-2015-3900
was published
for
rubygems-update
(RubyGems)
May 14, 2022
RubyGems Improper Input Validation vulnerability
High
CVE-2017-0900
was published
for
rubygems-update
(RubyGems)
May 14, 2022
RubyGems Deserialization of Untrusted Data vulnerability
High
CVE-2018-1000074
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Asciidoctor Infinite Loop vulnerability
High
CVE-2018-18385
was published
for
asciidoctor
(RubyGems)
May 13, 2022
Insecure Permissions in Phusion Passenger
High
CVE-2018-12027
was published
for
passenger
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API