GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
425 advisories
Advisory | Severity | CVE | Package (ecosystem) | Published
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack | Moderate | CVE-2019-16770 | puma (RubyGems) | Dec 5, 2019
The rack-cors rubygem may allow directory traversal | Moderate | CVE-2019-18978 | rack-cors (RubyGems) | Nov 15, 2019
Loofah Allows Cross-site Scripting | Moderate | CVE-2019-15587 | loofah (RubyGems) | Nov 5, 2019
Haml vulnerable to cross-site scripting | Moderate | CVE-2017-1002201 | haml (RubyGems) | Oct 21, 2019
Cross-site scripting in padrino-contrib | Moderate | CVE-2019-16145 | padrino-contrib (RubyGems) | Sep 23, 2019
Authentication Bypass in Devise | Moderate | CVE-2019-16109 | devise (RubyGems) | Sep 11, 2019
Cross-site scripting in fat_free_crm | Moderate | CVE-2018-20975 | fat_free_crm (RubyGems) | Aug 21, 2019
field_test gem contains injection vulnerability | Moderate | CVE-2019-13146 | field_test (RubyGems) | Jul 16, 2019
Cross-site Scripting in Chartkick | Moderate | CVE-2019-12732 | chartkick (RubyGems) | Jun 7, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products | Moderate | CVE-2019-11358 | django (RubyGems) | Apr 26, 2019
Duplicate Advisory: Prototype Pollution in jquery | Moderate | CVE-2019-5428 | jquery (RubyGems) | Apr 23, 2019 (withdrawn)
Doorkeeper-openid_connect contains Open Redirect | Moderate | CVE-2019-9837 | doorkeeper-openid_connect (RubyGems) | Mar 25, 2019
devise Time-of-check Time-of-use Race Condition vulnerability | Moderate | CVE-2019-5421 | devise (RubyGems) | Mar 19, 2019
Bootstrap Vulnerable to Cross-Site Scripting | Moderate | CVE-2019-8331 | Bootstrap.Less (RubyGems) | Feb 22, 2019
bootstrap Cross-site Scripting vulnerability | Moderate | CVE-2018-20677 | bootstrap (RubyGems) | Jan 17, 2019
XSS vulnerability that affects bootstrap | Moderate | CVE-2018-20676 | bootstrap (RubyGems) | Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability | Moderate | CVE-2016-10735 | bootstrap (RubyGems) | Jan 17, 2019
Cross Site Scripting (XSS) vulnerability in easymon | Moderate | CVE-2018-1000855 | easymon (RubyGems) | Dec 21, 2018
Fat Free CRM vulnerable to Cross-site Scripting | Moderate | CVE-2018-1000842 | fat_free_crm (RubyGems) | Dec 20, 2018
Exposure of Sensitive Information to an Unauthorized Actor in activestorage | Moderate | CVE-2018-16477 | activestorage (RubyGems) | Dec 5, 2018
Rack vulnerable to Cross-site Scripting | Moderate | CVE-2018-16471 | rack (RubyGems) | Nov 15, 2018
Content Injection via TileJSON Name in mapbox.js | Moderate | CVE-2017-1000043 | mapbox-rails (RubyGems) | Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js | Moderate | CVE-2017-1000042 | mapbox-rails (RubyGems) | Nov 9, 2018
Loofah Cross-site Scripting vulnerability | Moderate | CVE-2018-16468 | loofah (RubyGems) | Nov 1, 2018