GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Backdoor / Malicious code
Critical
GHSA-q2hm-gx3f-h63q
was published
for
lita-coin
(RubyGems)
Feb 23, 2021
•
withdrawn
Authentication Bypass by CSRF Weakness
Critical
GHSA-5629-8855-gf4g
was published
for
solidus_core
(RubyGems)
Nov 18, 2021
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
Publify Improper Input Validation vulnerability
Critical
CVE-2023-0299
was published
for
publify_core
(RubyGems)
Jan 14, 2023
papercrop does not properly handle crop input
Critical
CVE-2015-2784
was published
for
papercrop
(RubyGems)
May 24, 2022
OS Command Injection in awesome spawn
Critical
CVE-2014-0156
was published
for
awesome_spawn
(RubyGems)
Jul 1, 2022
Integer overflow in publify_core
Critical
CVE-2022-1812
was published
for
publify_core
(RubyGems)
Jan 14, 2023
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
Arbitrary file write in dragonfly
Critical
CVE-2021-33473
was published
for
dragonfly
(RubyGems)
Jun 3, 2022
Improper handling of double quotes in file name in Diffy in Windows environment
Critical
CVE-2022-33127
was published
for
diffy
(RubyGems)
Jun 24, 2022
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Critical
CVE-2020-36599
was published
for
omniauth
(RubyGems)
Aug 19, 2022
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
Active Record RCE bug with Serialized Columns
Critical
CVE-2022-32224
was published
for
activerecord
(RubyGems)
Jul 12, 2022
Fluentd Escape Sequence Injection Vulnerability
Critical
CVE-2017-10906
was published
for
fluentd
(RubyGems)
May 13, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Critical
CVE-2019-17268
was published
for
omniauth-weibo-oauth2
(RubyGems)
May 24, 2022
smalruby and smalruby-editor vulnerable to OS Command Injection
Critical
CVE-2017-2096
was published
for
smalruby
(RubyGems)
May 13, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability
Critical
CVE-2018-1000076
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
RubyGems Code Injection vulnerability
Critical
CVE-2017-0899
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-0903
was published
for
rubygems-update
(RubyGems)
May 13, 2022
Code injection in pdf_info
Critical
CVE-2022-36231
was published
for
pdf_info
(RubyGems)
Feb 24, 2023
Nokogiri vulnerable to libxslt protection mechanism bypass
Critical
CVE-2019-11068
was published
for
nokogiri
(RubyGems)
May 13, 2022
Possible code injection vulnerability in Rails / Active Storage
Critical
CVE-2022-21831
was published
for
activestorage
(RubyGems)
Mar 8, 2022
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API