GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
450 advisories
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
  Severity: Moderate. CVE-2013-2506 was published for spree_auth_devise (RubyGems) on May 17, 2022.
Rack-Cache caches sensitive headers
  Severity: Moderate. CVE-2012-2671 was published for rack-cache (RubyGems) on May 17, 2022.
Rack Gem Subject to Denial of Service via Hash Collisions
  Severity: Moderate. CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems) on May 17, 2022.
Sup Code Injection vulnerability
  Severity: Moderate. CVE-2013-4478 was published for sup (RubyGems) on May 17, 2022.
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
  Severity: Moderate. CVE-2013-7224 was published for fat_free_crm (RubyGems) on May 17, 2022.
Fat Free CRM vulnerable to SQL Injection
  Severity: Moderate. CVE-2013-7225 was published for fat_free_crm (RubyGems) on May 17, 2022.
Fat Free CRM contains Cross-site Request Forgery vulnerabilities
  Severity: Moderate. CVE-2013-7223 was published for fat_free_crm (RubyGems) on May 17, 2022.
Fat Free CRM vulnerable to Exposure of Sensitive Information
  Severity: Moderate. CVE-2013-7249 was published for fat_free_crm (RubyGems) on May 17, 2022.
Fat Free CRM has fixed token value
  Severity: Moderate. CVE-2013-7222 was published for fat_free_crm (RubyGems) on May 17, 2022.
RubyGems HTTPS to HTTP redirect
  Severity: Moderate. CVE-2012-2125 was published for rubygems-update (RubyGems) on May 17, 2022.
RubyGems does not verify SSL certificate
  Severity: Moderate. CVE-2012-2126 was published for rubygems-update (RubyGems) on May 17, 2022.
GitLab Grit Gem for Ruby contains a flaw allowing arbitrary commands to be executed
  Severity: Moderate. CVE-2013-4489 was published for gitlab-grit (RubyGems) on May 17, 2022.
Fat Free CRM subject to Cross-site Scripting
  Severity: Moderate. CVE-2014-5441 was published for fat_free_crm (RubyGems) on May 17, 2022.
Sup Code Injection vulnerability
  Severity: Moderate. CVE-2013-4479 was published for sup (RubyGems) on May 17, 2022.
ccsv Double Free vulnerability
  Severity: Moderate. CVE-2017-15364 was published for ccsv (RubyGems) on May 17, 2022.
RubyGems Regular Expression Denial of Service
  Severity: Moderate. CVE-2013-4363 was published for rubygems-update (RubyGems) on May 17, 2022.
RubyGems Improper Input Validation vulnerability
  Severity: Moderate. CVE-2015-4020 was published for rubygems-update (RubyGems) on May 17, 2022.
Publify exposes article metadata
  Severity: Moderate. CVE-2022-1553 was published for publify_core (RubyGems) on May 17, 2022.
Publify Incorrect Authorization
  Severity: Moderate. CVE-2022-0574 was published for publify_core (RubyGems) on May 17, 2022.
Publify vulnerable to code injection
  Severity: Moderate. CVE-2022-0578 was published for publify_core (RubyGems) on May 17, 2022.
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack
  Severity: Moderate. CVE-2014-4996 was published for VladTheEnterprising (RubyGems) on May 14, 2022.
ldap_fluff authentication bypass
  Severity: Moderate. CVE-2012-5604 was published for ldap_fluff (RubyGems) on May 14, 2022.
Ember.js Cross-site Scripting vulnerability
  Severity: Moderate. CVE-2014-0013 was published for ember-source (RubyGems) on May 14, 2022.
xapian-core Cross-site Scripting vulnerability
  Severity: Moderate. CVE-2018-0499 was published for xapian-core (RubyGems) on May 14, 2022.
Fat Free CRM Cross-Site Request Forgery vulnerability
  Severity: Moderate. CVE-2015-1585 was published for fat_free_crm (RubyGems) on May 14, 2022.