Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,177 advisories

Loading
HTTParty does not restrict casts of string values High
CVE-2013-1801 was published for httparty (RubyGems) Oct 24, 2017
activesupport in Rails vulnerable to incorrect data conversion High
CVE-2013-0333 was published for activesupport (RubyGems) Oct 24, 2017
crack does not properly restrict casts of string values High
CVE-2013-1800 was published for crack (RubyGems) Oct 24, 2017
Code injection in dragonfly gem High
CVE-2013-5671 was published for dragonfly (RubyGems) Oct 24, 2017
G-Rath
Remote Code Execution in esigate-core Critical
CVE-2018-1000854 was published for org.esigate:esigate-core (Maven) Dec 21, 2018
CRLF Injection in pypiserver Moderate
CVE-2019-6802 was published for pypiserver (pip) Jan 30, 2019
tdunlap607
Denial of Service and Content Injection in i18n-node-angular High
CVE-2016-10524 was published for i18n-node-angular (npm) Feb 18, 2019
Twisted CRLF Injection Moderate
CVE-2019-12387 was published for twisted (pip) Jun 10, 2019
Failure to sanitize quotes which can lead to sql injection in squel Critical
GHSA-4qhx-g9wp-g9m6 was published for squel (npm) Jun 14, 2019
RubyGems Escape sequence injection vulnerability in api response handling High
CVE-2019-8323 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in gem owner High
CVE-2019-8322 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection in errors High
CVE-2019-8325 was published for rubygems-update (RubyGems) Jun 20, 2019
field_test gem contains injection vulnerability Moderate
CVE-2019-13146 was published for field_test (RubyGems) Jul 16, 2019
Invenio-App vulnerable to host header injection attack Moderate
CVE-2019-1020006 was published for invenio-app (pip) Jul 16, 2019
Improper Encoding or Escaping of Output and Injection in LibreNMS High
CVE-2019-12463 was published for librenms/librenms (Composer) Oct 11, 2019
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection') High
CVE-2019-17513 was published for io.ratpack:ratpack-core (Maven) Oct 21, 2019
Remote code execution via vulnerable Symphony dependecy injection Critical
CVE-2019-8135 was published for magento/community-edition (Composer) Nov 12, 2019
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria Moderate
GHSA-35fr-h7jr-hh86 was published for com.linecorp.armeria:armeria (Maven) Dec 6, 2019
JLLeitschuh
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
Remote Code Execution in Angular Expressions High
CVE-2020-5219 was published for angular-expressions (npm) Jan 24, 2020
MaxNad
Link injection in SimpleSAMLphp Low
GHSA-2r3v-q9x3-7g46 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
hyp3rlinx
Improper Input Validation in Apache Solr High
CVE-2019-17558 was published for org.apache.solr:solr-core (Maven) Feb 12, 2020
Remote Code Execution (RCE) vulnerability in dropwizard-validation High
CVE-2020-5245 was published for io.dropwizard:dropwizard-validation (Maven) Feb 24, 2020
pwntester SunBK201
HTTP Response Splitting in Styx Moderate
CVE-2020-6858 was published for com.hotels.styx:styx-api (Maven) Mar 3, 2020
JLLeitschuh
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
ProTip! Advisories are also available from the GraphQL API