Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

450 advisories

Loading
Spree allows remote attackers to obtain sensitive information Moderate
CVE-2010-3978 was published for spree (RubyGems) May 14, 2022
ember-source Cross-site Scripting vulnerability Moderate
CVE-2014-0014 was published for ember-source (RubyGems) May 14, 2022
tdunlap607
Withdrawn Advisory: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field Moderate
CVE-2018-18307 was published for alchemy_cms (RubyGems) May 14, 2022 withdrawn
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
jQuery vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2011-4969 was published for jQuery (RubyGems) May 14, 2022
jhutchings1 klaudialax
RubyGems Regular Expression Denial of Service vulnerability Moderate
CVE-2013-4287 was published for rubygems-update (RubyGems) May 14, 2022
katello Cross-site Scripting vulnerability Moderate
CVE-2018-16887 was published for katello (RubyGems) May 14, 2022
RubyGems Cross-site Scripting vulnerability Moderate
CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
RubyGems Improper Input Validation vulnerability Moderate
CVE-2018-1000077 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite Moderate
CVE-2011-3871 was published for puppet (RubyGems) May 14, 2022
Puppet does not properly restrict access to node resources Moderate
CVE-2011-0528 was published for puppet (RubyGems) May 14, 2022
Puppet arbitrary file overwrite Moderate
CVE-2011-3869 was published for puppet (RubyGems) May 14, 2022
Puppet allows local users to modify the permissions of arbitrary files Moderate
CVE-2011-3870 was published for puppet (RubyGems) May 14, 2022
Puppet uses predictable filenames, allowing arbitrary file overwrite Moderate
CVE-2012-1906 was published for puppet (RubyGems) May 14, 2022
Puppet Arbitrary Command Execution Moderate
CVE-2012-1988 was published for puppet (RubyGems) May 14, 2022
Puppet Privilege Escallation Moderate
CVE-2012-1053 was published for puppet (RubyGems) May 14, 2022
Authlogic Information Exposure vulnerability Moderate
CVE-2012-6497 was published for authlogic (RubyGems) May 14, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Tarball permission preservation in puppet Moderate
CVE-2017-10689 was published for puppet (RubyGems) May 13, 2022
BenK0lin
Logstash Logs Sensitive Information Moderate
CVE-2016-10362 was published for logstash-core (RubyGems) May 13, 2022
katello Improper Privilege Management vulnerability Moderate
CVE-2017-2662 was published for katello (RubyGems) May 13, 2022
katello SQL Injection vulnerability Moderate
CVE-2018-14623 was published for katello (RubyGems) May 13, 2022
Gem in a Box vulnerable to Cross-site Scripting Moderate
CVE-2017-14506 was published for geminabox (RubyGems) May 13, 2022
Phusion Passenger information disclosure Moderate
CVE-2017-16355 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database