GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Command Injection in sequenceserver
Critical
CVE-2024-42360
was published
for
sequenceserver
(RubyGems)
Aug 13, 2024
Puppet Arbitrary Command Execution
Moderate
CVE-2012-1988
was published
for
puppet
(RubyGems)
May 14, 2022
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Critical
CVE-2013-2513
was published
for
flash_tool
(RubyGems)
Jan 26, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
ruby-saml vulnerable to XPath injection
Critical
CVE-2015-20108
was published
for
ruby-saml
(RubyGems)
May 27, 2023
git-fastclone permits arbitrary shell command execution from .gitmodules
High
CVE-2015-8968
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
colorscore Command Injection vulnerability
Critical
CVE-2015-7541
was published
for
colorscore
(RubyGems)
Oct 24, 2017
sfpagent Command Injection vulnerability
High
CVE-2014-2888
was published
for
sfpagent
(RubyGems)
Oct 24, 2017
PDFKit vulnerable to Command Injection
Critical
CVE-2022-25765
was published
for
pdfkit
(RubyGems)
Sep 10, 2022
Git-fastclone passes user modifiable strings directly to a shell command
Critical
CVE-2015-8969
was published
for
git-fastclone
(RubyGems)
Aug 15, 2018
Fileutils Command Injection vulnerability
High
CVE-2013-2516
was published
for
fileutils
(RubyGems)
May 14, 2022
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Critical
CVE-2019-5420
was published
for
railties
(RubyGems)
Mar 13, 2019
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
active-support impersonates 'activesupport' gem
Critical
CVE-2018-3779
was published
for
active-support
(RubyGems)
Aug 13, 2018
ProTip!
Advisories are also available from the
GraphQL API