Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,685
Maven
5,000+
npm
5,000+
NuGet
933
pip
4,920
Pub
13
RubyGems
1,053
Rust
1,320
Swift
53
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
ReDoS based DoS vulnerability in Active Support's underscore Low
CVE-2023-22796 was published for activesupport (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01, postmodern, and G-Rath postmodern postmodern
G-Rath G-Rath
Code injection in dragonfly gem High
CVE-2013-5671 was published for dragonfly (RubyGems) Oct 24, 2017
G-Rath Credited to G-Rath
OmniAuth Ruby gem Cross-site Request Forgery in request phase High
CVE-2015-9284 was published for omniauth (RubyGems) May 29, 2019
G-Rath Credited to G-Rath and eugeneius eugeneius eugeneius
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath Credited to G-Rath
request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath Credited to G-Rath
Possible Denial of Service Vulnerability in Rack's header parsing Low
CVE-2023-27539 was published for rack (RubyGems) Mar 15, 2023
G-Rath Credited to G-Rath
WEBrick Improper Input Validation vulnerability Moderate
CVE-2009-4492 was published for webrick (RubyGems) Oct 24, 2017
G-Rath Credited to G-Rath
Prototype Pollution in lodash High
CVE-2018-16487 was published for lodash (RubyGems) Feb 7, 2019
G-Rath Credited to G-Rath
Prototype Pollution in lodash Moderate
CVE-2018-3721 was published for lodash (RubyGems) Jul 26, 2018
G-Rath Credited to G-Rath
Prototype Pollution in lodash Critical
CVE-2019-10744 was published for lodash (RubyGems) Jul 10, 2019
G-Rath Credited to G-Rath
Prototype Pollution in lodash High
CVE-2020-8203 was published for lodash (RubyGems) Jul 15, 2020
mitchell-codecov Credited to mitchell-codecov, jkmartindale, bengry, greengeko, tompazourek, and G-Rath jkmartindale jkmartindale
bengry bengry greengeko greengeko tompazourek tompazourek G-Rath G-Rath
Command Injection in lodash High
CVE-2021-23337 was published for lodash (RubyGems) May 6, 2021
mitchell-codecov Credited to mitchell-codecov, nitaiapiiro, ebickle, and G-Rath nitaiapiiro nitaiapiiro
ebickle ebickle G-Rath G-Rath
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
mitchell-codecov Credited to mitchell-codecov, G-Rath, and levpachmanov G-Rath G-Rath
levpachmanov levpachmanov
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov nitaiapiiro nitaiapiiro
DmitriyLewen DmitriyLewen jkmartindale jkmartindale G-Rath G-Rath levpachmanov levpachmanov
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath Credited to G-Rath
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter High
CVE-2022-44566 was published for activerecord (RubyGems) Jan 18, 2023
robertoz-01 Credited to robertoz-01, aviyam181199, G-Rath, and RDIL aviyam181199 aviyam181199
G-Rath G-Rath RDIL RDIL
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database