Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
Regular expression denial of service vulnerability (ReDoS) in date High
CVE-2021-41817 was published for date (RubyGems) Nov 16, 2021
SValkanov
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby High
CVE-2021-41098 was published for nokogiri (RubyGems) Sep 27, 2021
Clearance Gem Open Redirect Vulnerability High
CVE-2021-23435 was published for clearance (RubyGems) Sep 13, 2021
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
Regular Expression Denial of Service in Addressable templates High
CVE-2021-32740 was published for addressable (RubyGems) Jul 12, 2021
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox High
CVE-2021-20259 was published for foreman_fog_proxmox (RubyGems) Jun 10, 2021
HTTP Request Smuggling in goliath High
CVE-2020-7671 was published for goliath (RubyGems) May 24, 2021
HTTP Request Smuggling in reel High
CVE-2020-7659 was published for reel (RubyGems) May 24, 2021
Improper Certificate Validation in EM-HTTP-Request High
CVE-2020-13482 was published for em-http-request (RubyGems) May 24, 2021
tdunlap607
Dependency Confusion in Bundler High
CVE-2020-36327 was published for bundler (RubyGems) May 24, 2021
Improper certificate validation in em-imap High
CVE-2020-13163 was published for em-imap (RubyGems) May 24, 2021
Puma's Keepalive Connections Causing Denial Of Service High
CVE-2021-29509 was published for puma (RubyGems) May 18, 2021
MSP-Greg wjordan
ioquatix
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Command Injection in lodash High
CVE-2021-23337 was published for lodash (RubyGems) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle G-Rath
Tempfile on Windows path traversal vulnerability High
CVE-2021-28966 was published for tmpdir (RubyGems) May 6, 2021
Possible DoS Vulnerability in Action Controller Token Authentication High
CVE-2021-22904 was published for actionpack (RubyGems) May 5, 2021
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Denial of Service in Action Dispatch High
CVE-2021-22902 was published for actionpack (RubyGems) May 5, 2021
REXML round-trip instability High
CVE-2021-28965 was published for rexml (RubyGems) Apr 30, 2021
Pgsync Contains Cleartext Transmission of Sensitive Information High
CVE-2021-31671 was published for pgsync (RubyGems) Apr 27, 2021
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Cross-Site Request Forgery (CSRF) in trestle-auth High
CVE-2021-29435 was published for trestle-auth (RubyGems) Apr 13, 2021
tomekr aj-hall
utkanos
Remote code execution in Kramdown High
CVE-2021-28834 was published for kramdown (RubyGems) Mar 29, 2021
Active Record subject to Regular Expression Denial-of-Service (ReDoS) High
CVE-2021-22880 was published for activerecord (RubyGems) Mar 2, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database