GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
425 advisories
Filter by severity
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Moderate
CVE-2023-27531
was published
for
kredis
(RubyGems)
Jun 9, 2023
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Moderate
GHSA-48wp-p9qv-4j64
was published
for
commonmarker
(RubyGems)
Apr 11, 2023
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Moderate
GHSA-pxvg-2qj5-37jq
was published
for
nokogiri
(RubyGems)
Apr 11, 2023
unpoly-rails Denial of Service vulnerability
Moderate
CVE-2023-28846
was published
for
unpoly-rails
(RubyGems)
Mar 30, 2023
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Moderate
CVE-2014-4920
was published
for
twitter-bootstrap-rails
(RubyGems)
Mar 16, 2023
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Moderate
CVE-2023-28120
was published
for
activesupport
(RubyGems)
Mar 15, 2023
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Moderate
CVE-2023-25015
was published
for
clockwork_web
(RubyGems)
Feb 2, 2023
Publify contains Weak Password Requirements
Moderate
CVE-2023-0569
was published
for
publify_core
(RubyGems)
Jan 29, 2023
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Moderate
CVE-2023-23627
was published
for
sanitize
(RubyGems)
Jan 28, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
CVE-2015-2179
was published
for
xaviershay-dm-rails
(RubyGems)
Jan 26, 2023
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Moderate
GHSA-636f-xm5j-pj9m
was published
for
commonmarker
(RubyGems)
Jan 24, 2023
Open Redirect Vulnerability in Action Pack
Moderate
CVE-2023-22797
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Sisimai Inefficient Regular Expression Complexity vulnerability
Moderate
CVE-2022-4891
was published
for
sisimai
(RubyGems)
Jan 17, 2023
Publify Core does not strip metadata from images
Moderate
CVE-2022-2815
was published
for
publify_core
(RubyGems)
Jan 14, 2023
Inline SVG vulnerable to Cross-site Scripting
Moderate
CVE-2020-36644
was published
for
inline_svg
(RubyGems)
Jan 7, 2023
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
keynote Cross-site Scripting vulnerability
Moderate
CVE-2017-20159
was published
for
keynote
(RubyGems)
Dec 31, 2022
Oxidized Web vulnerable to Cross-site Scripting
Moderate
CVE-2019-25088
was published
for
oxidized-web
(RubyGems)
Dec 27, 2022
text_helpers uses web link to untrusted target with window.opener access
Moderate
CVE-2020-36624
was published
for
text_helpers
(RubyGems)
Dec 22, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23520
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Moderate
CVE-2022-23519
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Moderate
CVE-2022-23518
was published
for
rails-html-sanitizer
(RubyGems)
Dec 13, 2022
Improper neutralization of data URIs may allow XSS in Loofah
Moderate
CVE-2022-23515
was published
for
loofah
(RubyGems)
Dec 13, 2022
Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate
GHSA-q7jc-v6f2-q9jr
was published
for
resque-scheduler
(RubyGems)
Dec 13, 2022
•
withdrawn
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Moderate
GHSA-2qc6-mcvw-92cw
was published
for
nokogiri
(RubyGems)
Oct 18, 2022
ProTip!
Advisories are also available from the
GraphQL API