Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
Low severity vulnerability that affects sensu Low
CVE-2018-1000060 was published for sensu (RubyGems) Jul 23, 2018 withdrawn
SQLite3 addresses vulnerability in packaged version of libsqlite Low
GHSA-mgvv-5mxp-xq67 was published for sqlite3 (RubyGems) Oct 3, 2022
personnummer/ruby vulnerable to Improper Input Validation Low
GHSA-vp9c-fpxx-744v was published for personnummer (RubyGems) Sep 23, 2020
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
Octokit gem published with world-writable files Low
CVE-2022-31072 was published for octokit (RubyGems) Jun 15, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) Low
CVE-2022-39379 was published for fluentd (RubyGems) Nov 2, 2022
p-
Unsanitized input leading to code injection in Dalli Low
CVE-2022-4064 was published for dalli (RubyGems) Nov 19, 2022
Katello cleartext password storage issue Low
CVE-2019-14825 was published for katello (RubyGems) May 24, 2022
Gitaly Insufficient Session Expiration vulnerability Low
CVE-2020-13353 was published for gitaly (RubyGems) May 24, 2022
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling Low
CVE-2021-41136 was published for puma (RubyGems) Oct 12, 2021
asta12 mattiasgrenfeldt
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend Low
CVE-2022-31000 was published for solidus_backend (RubyGems) Jun 1, 2022
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22795 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 esparta
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata Low
CVE-2015-1426 was published for facter (RubyGems) May 14, 2022
Phusion Passenger allows remote attackers to spoof headers Low
CVE-2015-7519 was published for passenger (RubyGems) Oct 10, 2018
Local API Login Credentials Disclosure in paratrooper-pingdom Low
CVE-2014-1233 was published for paratrooper-pingdom (RubyGems) Oct 24, 2017
Insecure use of temporary files in passenger Low
CVE-2014-1831 was published for passenger (RubyGems) Oct 10, 2018
Octopoller gem published with world-writable files Low
CVE-2022-31071 was published for octopoller (RubyGems) Jun 15, 2022
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name Low
CVE-2013-0162 was published for ruby_parser (RubyGems) May 5, 2022
Possible Denial of Service Vulnerability in Rack's header parsing Low
CVE-2023-27539 was published for rack (RubyGems) Mar 15, 2023
G-Rath
ReDoS based DoS vulnerability in Active Support's underscore Low
CVE-2023-22796 was published for activesupport (RubyGems) Jan 18, 2023
robertoz-01 postmodern
G-Rath
Active Support Possibly Discloses Locally Encrypted Files Low
CVE-2023-38037 was published for activesupport (RubyGems) Aug 23, 2023
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor Low
CVE-2014-1234 was published for paratrooper-newrelic (RubyGems) Oct 24, 2017
RuboCop gem Insecure use of /tmp Low
CVE-2017-8418 was published for rubocop (RubyGems) Nov 15, 2017
tdunlap607
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml Low
CVE-2014-0135 was published for kafo (RubyGems) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database