Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

450 advisories

Loading
Possible timing attack in derivation_endpoint Moderate
CVE-2020-15237 was published for shrine (RubyGems) Oct 5, 2020
esparta
XSS in Action View Moderate
CVE-2020-15169 was published for actionview (RubyGems) Sep 11, 2020
jonathanhefner
Cross-Site Scripting in jquery Moderate
CVE-2012-6708 was published for jQuery (RubyGems) Sep 1, 2020
klaudialax
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
Field Test CSRF vulnerability Moderate
CVE-2020-16252 was published for field_test (RubyGems) Aug 5, 2020
greysteil
Ability to change order address without triggering address validations in solidus Moderate
CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020
mamhoff kennyadsl
CSRF Vulnerability in rails-ujs Moderate
CVE-2020-8167 was published for actionview (RubyGems) Jul 7, 2020
Untrusted users can run pending migrations in production in Rails Moderate
CVE-2020-8185 was published for actionpack (RubyGems) Jun 24, 2020
Cross-Site Scripting in Kaminari Moderate
CVE-2020-11082 was published for kaminari (RubyGems) May 28, 2020
viseztrance sonalkr132
Ability to forge per-form CSRF tokens in Rails Moderate
CVE-2020-8166 was published for actionpack (RubyGems) May 26, 2020
HTTP Smuggling via Transfer-Encoding Header in Puma Moderate
CVE-2020-11077 was published for puma (RubyGems) May 22, 2020
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
Cross site scripting vulnerability in ActionView Moderate
CVE-2020-5267 was published for actionview (RubyGems) Mar 19, 2020
jessecampos
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
OS Command Injection in Rake Moderate
CVE-2020-8130 was published for rake (RubyGems) Feb 28, 2020
HTTP Response Splitting in Puma Moderate
CVE-2020-5247 was published for puma (RubyGems) Feb 28, 2020
Denial of Service in uap-core when processing crafted User-Agent strings Moderate
CVE-2020-5243 was published for uap-core (RubyGems) Feb 20, 2020
bcaller
Directive injection when using dynamic overrides with user input Moderate
CVE-2020-5217 was published for secure_headers (RubyGems) Jan 23, 2020
Limited header injection when using dynamic overrides with user input in RubyGems secure_headers Moderate
CVE-2020-5216 was published for secure_headers (RubyGems) Jan 23, 2020
Possible Information Leak / Session Hijack Vulnerability in Rack Moderate
CVE-2019-16782 was published for rack (RubyGems) Dec 18, 2019
will
In RubyGem excon, interrupted Persistent Connections May Leak Response Data Moderate
CVE-2019-16779 was published for excon (RubyGems) Dec 16, 2019
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack Moderate
CVE-2019-16770 was published for puma (RubyGems) Dec 5, 2019
The rack-cors rubygem may allow directory traveral Moderate
CVE-2019-18978 was published for rack-cors (RubyGems) Nov 15, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database