GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,007 advisories
Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Critical
CVE-2026-33286
was published
for
graphiti
(RubyGems)
Mar 20, 2026
Ruby JSON has a format string injection vulnerability
High
CVE-2026-33210
was published
for
json
(RubyGems)
Mar 19, 2026
Avo has a XSS vulnerability on `return_to` param
Moderate
CVE-2026-33209
was published
for
avo
(RubyGems)
Mar 18, 2026
Devise has a confirmable "change email" race condition permits user to confirm email they have no access to
Moderate
CVE-2026-32700
was published
for
devise
(RubyGems)
Mar 17, 2026
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
High
CVE-2026-31830
was published
for
sigstore
(RubyGems)
Mar 11, 2026
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Moderate
CVE-2026-25500
was published
for
rack
(RubyGems)
Feb 17, 2026
Rack has a Directory Traversal via Rack:Directory
High
CVE-2026-22860
was published
for
rack
(RubyGems)
Feb 17, 2026
Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Moderate
CVE-2026-25765
was published
for
faraday
(RubyGems)
Feb 9, 2026
ProTip!
Advisories are also available from the
GraphQL API