GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
990 advisories
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
High
CVE-2026-31830
was published
for
sigstore
(RubyGems)
Mar 11, 2026
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Moderate
CVE-2026-25500
was published
for
rack
(RubyGems)
Feb 17, 2026
Rack has a Directory Traversal via Rack:Directory
High
CVE-2026-22860
was published
for
rack
(RubyGems)
Feb 17, 2026
Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Moderate
CVE-2026-25765
was published
for
faraday
(RubyGems)
Feb 9, 2026
Unauthenticated Spree Commerce users can access all guest addresses
High
CVE-2026-25758
was published
for
spree_api
(RubyGems)
Feb 5, 2026
Unauthenticated Spree Commerce users can view completed guest orders by Order ID
High
CVE-2026-25757
was published
for
spree_storefront
(RubyGems)
Feb 5, 2026
Decidim's private data exports can lead to data leaks
High
CVE-2025-65017
was published
for
decidim
(RubyGems)
Feb 3, 2026
AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper
Moderate
CVE-2026-23885
was published
for
alchemy_cms
(RubyGems)
Jan 21, 2026
openc3-api Vulnerable to Unauthenticated Remote Code Execution
Critical
CVE-2025-68271
was published
for
openc3
(RubyGems)
Jan 13, 2026
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
High
CVE-2025-68696
was published
for
httparty
(RubyGems)
Dec 23, 2025
ProTip!
Advisories are also available from the
GraphQL API