GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions
Critical
CVE-2019-17383
was published
for
netaddr
(RubyGems)
Oct 14, 2019
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Critical
GHSA-cvp8-5r8g-fhvq
was published
for
omniauth-saml
(RubyGems)
Sep 11, 2024
SAML authentication bypass via Incorrect XPath selector
Critical
CVE-2024-45409
was published
for
ruby-saml
(RubyGems)
Sep 10, 2024
Command Injection in sequenceserver
Critical
CVE-2024-42360
was published
for
sequenceserver
(RubyGems)
Aug 13, 2024
StringIO buffer overread vulnerability
Critical
CVE-2024-27280
was published
for
stringio
(RubyGems)
Mar 25, 2024
Katello uses hard coded credential
Critical
CVE-2012-3503
was published
for
katello
(RubyGems)
May 17, 2022
discordrb OS Command Injection vulnerability
Critical
CVE-2023-28102
was published
for
discordrb
(RubyGems)
Mar 14, 2024
rails vulnerable to improper authentication
Critical
CVE-2009-2422
was published
for
rails
(RubyGems)
Oct 24, 2017
Buffer overrun in CGI.escape_html
Critical
CVE-2021-41816
was published
for
cgi
(RubyGems)
Dec 14, 2021
Possible shell escape sequence injection vulnerability in Rack
Critical
CVE-2022-30123
was published
for
rack
(RubyGems)
May 27, 2022
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Critical
CVE-2013-2513
was published
for
flash_tool
(RubyGems)
Jan 26, 2023
Prototype Pollution in handlebars
Critical
CVE-2019-19919
was published
for
bootstrap-wysihtml5-rails
(RubyGems)
Dec 26, 2019
Puppet Improper Access Control
Critical
CVE-2016-2785
was published
for
puppet
(RubyGems)
May 13, 2022
Server-Side Template Injection in Camaleon CMS
Critical
CVE-2023-30145
was published
for
camaleon_cms
(RubyGems)
May 26, 2023
Puppet Bolt privilege escalation vulnerability
Critical
CVE-2023-5214
was published
for
bolt
(RubyGems)
Oct 6, 2023
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
Critical
CVE-2013-1948
was published
for
md2pdf
(RubyGems)
Oct 24, 2017
Foreman Transpilation Enables OS Command Injection
Critical
CVE-2022-3874
was published
for
foreman
(RubyGems)
Sep 22, 2023
•
withdrawn
Puma HTTP Request/Response Smuggling vulnerability
Critical
CVE-2023-40175
was published
for
puma
(RubyGems)
Aug 18, 2023
geokit-rails Command Injection vulnerability
Critical
CVE-2023-26153
was published
for
geokit-rails
(RubyGems)
Oct 6, 2023
ruby-saml vulnerable to XPath injection
Critical
CVE-2015-20108
was published
for
ruby-saml
(RubyGems)
May 27, 2023
Creme Fraiche contains OS Command Injection
Critical
CVE-2013-2090
was published
for
cremefraiche
(RubyGems)
Oct 24, 2017
Nokogiri does not forbid namespace nodes in XPointer ranges
Critical
CVE-2016-4658
was published
for
nokogiri
(RubyGems)
Aug 21, 2018
Active Record contains deserialization of arbitrary YAML
Critical
CVE-2013-0277
was published
for
activerecord
(RubyGems)
Oct 24, 2017
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Critical
CVE-2019-13354
was published
for
strong_password
(RubyGems)
Jul 8, 2019
curupira is vulnerable to SQL injection
Critical
CVE-2015-10053
was published
for
curupira
(RubyGems)
Jan 16, 2023
ProTip!
Advisories are also available from the
GraphQL API