Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,518
Maven
5,000+
npm
4,156
NuGet
736
pip
3,955
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

946 advisories

Loading
codders-dataset Process Table Local Plaintext Credential Disclosure High
CVE-2014-4991 was published for codders-dataset (RubyGems) May 14, 2022
jasnow
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file High
CVE-2014-4995 was published for VladTheEnterprising (RubyGems) May 14, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
Echor Ruby Gem credentials can be stolen via process table monitoring High
CVE-2014-1835 was published for echor (RubyGems) May 14, 2022
Echor contains Command Injection High
CVE-2014-1834 was published for echor (RubyGems) May 14, 2022
ldap_fluff authentication bypass Moderate
CVE-2012-5604 was published for ldap_fluff (RubyGems) May 14, 2022
Ember.js Cross-site Scripting vulnerability Moderate
CVE-2014-0013 was published for ember-source (RubyGems) May 14, 2022
xapian-core Cross-site Scripting vulnerability Moderate
CVE-2018-0499 was published for xapian-core (RubyGems) May 14, 2022
Fat Free CRM Cross-Site Request Forgery vulnerability Moderate
CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022
tdunlap607
Spree allows remote attackers to obtain sensitive information Moderate
CVE-2010-3978 was published for spree (RubyGems) May 14, 2022
ember-source Cross-site Scripting vulnerability Moderate
CVE-2014-0014 was published for ember-source (RubyGems) May 14, 2022
tdunlap607
Nokogiri gem, via libxml, is affected by DoS vulnerabilities High
CVE-2017-15412 was published for nokogiri (RubyGems) May 14, 2022
espen mattyr
flavorjones staticintlucas thomasthaddeus BaerMitUmlaut dlackty
WEBrick RCE Vulnerability High
CVE-2017-10784 was published for webrick (RubyGems) May 14, 2022
brent-yearone drewblas
leviem1 orien aramprice intrigus-lgtm alagos longkt90 ChrisBAshton potsbo libussa
Ruby OpenSSL DoS Vulnerability High
CVE-2017-14033 was published for openssl (RubyGems) May 14, 2022
Withdrawn Advisory: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field Moderate
CVE-2018-18307 was published for alchemy_cms (RubyGems) May 14, 2022 withdrawn
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
Fileutils Command Injection vulnerability High
CVE-2013-2516 was published for fileutils (RubyGems) May 14, 2022
Phusion Passenger Race Condition Allows Privilege Escalation High
CVE-2018-12029 was published for passenger (RubyGems) May 14, 2022
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability Critical
CVE-2018-12026 was published for passenger (RubyGems) May 14, 2022
jQuery vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2011-4969 was published for jQuery (RubyGems) May 14, 2022
jhutchings1 klaudialax
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database