GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,013 advisories
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
High
CVE-2026-33946
was published
for
mcp
(RubyGems)
Mar 27, 2026
iCalendar has ICS injection via unsanitized URI property values
Moderate
CVE-2026-33635
was published
for
icalendar
(RubyGems)
Mar 24, 2026
Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Critical
CVE-2026-33286
was published
for
graphiti
(RubyGems)
Mar 20, 2026
Ruby JSON has a format string injection vulnerability
High
CVE-2026-33210
was published
for
json
(RubyGems)
Mar 19, 2026
Avo has a XSS vulnerability on `return_to` param
Moderate
CVE-2026-33209
was published
for
avo
(RubyGems)
Mar 18, 2026
Devise has a confirmable "change email" race condition permits user to confirm email they have no access to
Moderate
CVE-2026-32700
was published
for
devise
(RubyGems)
Mar 17, 2026
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
High
CVE-2026-31830
was published
for
sigstore
(RubyGems)
Mar 11, 2026
ProTip!
Advisories are also available from the
GraphQL API