GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
URI gem has ReDoS vulnerability
Moderate
CVE-2023-36617
was published
for
uri
(RubyGems)
Jun 29, 2023
Rails actionpack gem vulnerable to Cross-site Scripting
Moderate
CVE-2011-0446
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack and activesupport vulnerable to information leaks
Moderate
CVE-2009-3086
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross-site Scripting vulnerability in i18n translations helper method
Moderate
CVE-2011-4319
was published
for
actionpack
(RubyGems)
Oct 24, 2017
actionpack Cross-Site Request Forgery vulnerability
Moderate
CVE-2011-0447
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Cross site scripting that affects rails
Moderate
CVE-2009-3009
was published
for
actionpack
(RubyGems)
Oct 24, 2017
rails Cross-site Scripting vulnerability
Moderate
CVE-2011-2197
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Bundler may install gems from a different source than expected
Moderate
CVE-2013-0334
was published
for
bundler
(RubyGems)
May 5, 2022
Nokogiri vulnerable to DoS while parsing XML entities
Moderate
CVE-2013-6461
was published
for
nokogiri
(RubyGems)
May 5, 2022
Nokogiri vulnerable to DoS while parsing XML documents
Moderate
CVE-2013-6460
was published
for
nokogiri
(RubyGems)
May 5, 2022
Cross site scripting in actionpack Rubygem
Moderate
CVE-2011-1497
was published
for
actionpack
(RubyGems)
Apr 22, 2022
Improper Input Validation in actionpack
Moderate
CVE-2008-7248
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Rails activerecord gem has Improper Input Validation vulnerability
Moderate
CVE-2010-3933
was published
for
activerecord
(RubyGems)
Oct 24, 2017
RubyGems HTTPS to HTTP redirect
Moderate
CVE-2012-2125
was published
for
rubygems-update
(RubyGems)
May 17, 2022
RubyGems does not verify SSL certificate
Moderate
CVE-2012-2126
was published
for
rubygems-update
(RubyGems)
May 17, 2022
RubyGems Improper Input Validation vulnerability
Moderate
CVE-2015-4020
was published
for
rubygems-update
(RubyGems)
May 17, 2022
apollo_upload_server has Denial of Service vulnerability
Moderate
CVE-2021-39880
was published
for
apollo_upload_server
(RubyGems)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API