GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,362
Erlang
33
GitHub Actions
22
Go
2,133
Maven
5,000+
npm
3,797
NuGet
686
pip
3,473
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+
105 advisories
Filter by severity
Command Injection vulnerability in asciidoctor-include-ext
Critical
CVE-2022-24803
was published
for
asciidoctor-include-ext
(RubyGems)
Mar 31, 2022
CSV-Safe improperly filters special characters potentially leading to CSV injection
Critical
CVE-2022-28481
was published
for
csv-safe
(RubyGems)
May 3, 2022
Remote shell execution vulnerability in image_processing
Critical
CVE-2022-24720
was published
for
image_processing
(RubyGems)
Mar 1, 2022
Buffer overflow in sponge queue functions
Critical
CVE-2022-37454
was published
for
pysha3
(RubyGems)
Apr 26, 2023
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Critical
CVE-2022-32511
was published
for
jmespath
(RubyGems)
Jun 7, 2022
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Critical
CVE-2015-8857
was published
for
uglifier
(RubyGems)
Oct 24, 2017
karo Metacharacter Handling Remote Command Execution
Critical
CVE-2014-10075
was published
for
karo
(RubyGems)
May 14, 2022
Possible code injection vulnerability in Rails / Active Storage
Critical
CVE-2022-21831
was published
for
activestorage
(RubyGems)
Mar 8, 2022
Nokogiri vulnerable to libxslt protection mechanism bypass
Critical
CVE-2019-11068
was published
for
nokogiri
(RubyGems)
May 13, 2022
Code injection in pdf_info
Critical
CVE-2022-36231
was published
for
pdf_info
(RubyGems)
Feb 24, 2023
RubyGems vulnerable to Deserialization of Untrusted Data
Critical
CVE-2017-0903
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems Code Injection vulnerability
Critical
CVE-2017-0899
was published
for
rubygems-update
(RubyGems)
May 13, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability
Critical
CVE-2018-1000076
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
smalruby and smalruby-editor vulnerable to OS Command Injection
Critical
CVE-2017-2096
was published
for
smalruby
(RubyGems)
May 13, 2022
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Critical
CVE-2019-17268
was published
for
omniauth-weibo-oauth2
(RubyGems)
May 24, 2022
Fluentd Escape Sequence Injection Vulnerability
Critical
CVE-2017-10906
was published
for
fluentd
(RubyGems)
May 13, 2022
Active Record RCE bug with Serialized Columns
Critical
CVE-2022-32224
was published
for
activerecord
(RubyGems)
Jul 12, 2022
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Critical
CVE-2020-36599
was published
for
omniauth
(RubyGems)
Aug 19, 2022
Improper handling of double quotes in file name in Diffy in Windows environment
Critical
CVE-2022-33127
was published
for
diffy
(RubyGems)
Jun 24, 2022
Arbitrary file write in dragonfly
Critical
CVE-2021-33473
was published
for
dragonfly
(RubyGems)
Jun 3, 2022
paperclip Server-Side Request Forgery vulnerability
Critical
CVE-2017-0889
was published
for
paperclip
(RubyGems)
Jan 22, 2018
festivaltts4r allows arbitrary command execution
Critical
CVE-2016-10194
was published
for
festivaltts4r
(RubyGems)
Oct 24, 2017
Integer overflow in publify_core
Critical
CVE-2022-1812
was published
for
publify_core
(RubyGems)
Jan 14, 2023
OS Command Injection in awesome spawn
Critical
CVE-2014-0156
was published
for
awesome_spawn
(RubyGems)
Jul 1, 2022
ProTip!
Advisories are also available from the
GraphQL API