Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

945 advisories

Loading
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) Critical
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
metametadata
Ruby SAML DOS vulnerability with large SAML response Moderate
CVE-2025-54572 was published for ruby-saml (RubyGems) Jul 30, 2025
Yuuki77 dblessing
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
anlakii
Denial of Service in jquery High
CVE-2016-10707 was published for jQuery (RubyGems) Jan 22, 2018
anlakii
Google Sign-In for Rails allowed redirect to protocol-relative URI Moderate
CVE-2025-58067 was published for google_sign_in (RubyGems) Aug 29, 2025
Withdrawn Advisory: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field Moderate
CVE-2018-18307 was published for alchemy_cms (RubyGems) May 14, 2022 withdrawn
Google Sign-In for Rails allowed redirects to malformed URLs Moderate
CVE-2025-57821 was published for google_sign_in (RubyGems) Aug 27, 2025
Muntrive
Active Record logging vulnerable to ANSI escape injection Moderate
CVE-2025-55193 was published for activerecord (RubyGems) Aug 13, 2025
th4s1s
Active Storage allowed transformation methods that were potentially unsafe Critical
CVE-2025-24293 was published for activestorage (RubyGems) Aug 14, 2025
th4s1s
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class Critical
CVE-2025-53623 was published for job-iteration (RubyGems) Jul 14, 2025
calysteon yehuda-alt
Withdrawn Advisory: Thor can construct an unsafe shell command from library input. High
CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025 withdrawn
odaysec
gRPC Reachable Assertion issue High
CVE-2023-1428 was published for grpc (RubyGems) Jul 6, 2023
jonasfj tal-sealsecurity
gRPC connection termination issue Moderate
CVE-2023-32732 was published for grpc (RubyGems) Jul 6, 2023
jonasfj tal-sealsecurity
Connection confusion in gRPC High
CVE-2023-32731 was published for grpc (RubyGems) Jul 5, 2023
jmatosgrafana picatz
jonasfj tal-sealsecurity
Command Injection in lodash High
CVE-2021-23337 was published for lodash (RubyGems) May 6, 2021
mitchell-codecov nitaiapiiro
ebickle G-Rath
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale G-Rath
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (RubyGems) Jul 15, 2020
mitchell-codecov jkmartindale
bengry greengeko tompazourek G-Rath
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
G-Rath
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (RubyGems) Jul 26, 2018
G-Rath
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (RubyGems) Feb 7, 2019
G-Rath
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
mitchell-codecov G-Rath
ember-source Cross-site Scripting vulnerability Low
CVE-2014-0046 was published for ember-source (RubyGems) Aug 28, 2018
tdunlap607 anlakii
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database