GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
293 advisories
Filter by severity
Incorrect Access Control in Phusion Passenger
High
CVE-2018-12028
was published
for
passenger
(RubyGems)
May 13, 2022
RubyGems Infinite Loop vulnerability
High
CVE-2018-1000075
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 13, 2022
RubyGems may allow a maliciously crafted gem to overwrite files
High
CVE-2017-0901
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems has Origin Validation Error vulnerability
High
CVE-2017-0902
was published
for
rubygems-update
(RubyGems)
May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability
High
CVE-2017-2667
was published
for
hammer_cli_foreman
(RubyGems)
May 13, 2022
Gem in a Box vulnerable to Cross-site Request Forgery
High
CVE-2017-14683
was published
for
geminabox
(RubyGems)
May 13, 2022
RubyGems Link Following vulnerability
High
CVE-2018-1000073
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 13, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution
High
CVE-2015-3649
was published
for
open-uri-cached
(RubyGems)
May 13, 2022
mixlib-archive Path Traversal vulnerability
High
CVE-2017-1000026
was published
for
mixlib-archive
(RubyGems)
May 13, 2022
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
High
CVE-2017-16932
was published
for
nokogiri
(RubyGems)
May 13, 2022
omniauth-facebook Improper Authentication vulnerability
High
CVE-2013-4593
was published
for
omniauth-facebook
(RubyGems)
May 5, 2022
sinatra does not validate expanded path matches
High
CVE-2022-29970
was published
for
sinatra
(RubyGems)
May 3, 2022
WEBrick Denial of Service Vulnerability
High
CVE-2008-4310
was published
for
webrick
(RubyGems)
May 2, 2022
Nokogiri is vulnerable to XML External Entity (XXE) attack
High
CVE-2012-6685
was published
for
nokogiri
(RubyGems)
Apr 23, 2022
RubyGems passenger gem allows remote attackers to delete files
High
CVE-2012-6135
was published
for
passenger
(RubyGems)
Apr 23, 2022
Denial of Service (DoS) in Nokogiri on JRuby
High
GHSA-gx8x-g87m-h5q6
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Out-of-bounds Write in zlib affects Nokogiri
High
GHSA-v6gp-9mmm-c6p5
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Nokogiri Inefficient Regular Expression Complexity
High
CVE-2022-24836
was published
for
nokogiri
(RubyGems)
Apr 11, 2022
Command injection in cocoapods-downloader
High
CVE-2022-24440
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
Command injection in cocoapods-downloader
High
CVE-2022-21223
was published
for
cocoapods-downloader
(RubyGems)
Apr 2, 2022
Nokogiri affected by zlib's Out-of-bounds Write vulnerability
High
CVE-2018-25032
was published
for
nokogiri
(RubyGems)
Mar 26, 2022
Improper Certificate Validation in kubeclient
High
CVE-2022-0759
was published
for
kubeclient
(RubyGems)
Mar 26, 2022
Missing Authentication for Critical Function in Foreman Ansible
High
CVE-2021-3589
was published
for
foreman_ansible
(RubyGems)
Mar 24, 2022
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
High
CVE-2024-22051
was published
for
commonmarker
(RubyGems)
Mar 3, 2022
ProTip!
Advisories are also available from the
GraphQL API