GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
Low severity vulnerability that affects sensu
Low
CVE-2018-1000060
was published
for
sensu
(RubyGems)
Jul 23, 2018
•
withdrawn
SQLite3 addresses vulnerability in packaged version of libsqlite
Low
GHSA-mgvv-5mxp-xq67
was published
for
sqlite3
(RubyGems)
Oct 3, 2022
personnummer/ruby vulnerable to Improper Input Validation
Low
GHSA-vp9c-fpxx-744v
was published
for
personnummer
(RubyGems)
Sep 23, 2020
rest-client allows local users to obtain sensitive information by reading the log
Low
CVE-2015-3448
was published
for
rest-client
(RubyGems)
Oct 24, 2017
Octokit gem published with world-writable files
Low
CVE-2022-31072
was published
for
octokit
(RubyGems)
Jun 15, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
Unsanitized input leading to code injection in Dalli
Low
CVE-2022-4064
was published
for
dalli
(RubyGems)
Nov 19, 2022
Katello cleartext password storage issue
Low
CVE-2019-14825
was published
for
katello
(RubyGems)
May 24, 2022
Gitaly Insufficient Session Expiration vulnerability
Low
CVE-2020-13353
was published
for
gitaly
(RubyGems)
May 24, 2022
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Low
CVE-2021-41136
was published
for
puma
(RubyGems)
Oct 12, 2021
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Low
CVE-2022-31000
was published
for
solidus_backend
(RubyGems)
Jun 1, 2022
Puppet supports use of IP addresses in certnames without warning of potential risks
Low
CVE-2012-3408
was published
for
puppet
(RubyGems)
Oct 24, 2017
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22795
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Low
CVE-2015-1426
was published
for
facter
(RubyGems)
May 14, 2022
Phusion Passenger allows remote attackers to spoof headers
Low
CVE-2015-7519
was published
for
passenger
(RubyGems)
Oct 10, 2018
Local API Login Credentials Disclosure in paratrooper-pingdom
Low
CVE-2014-1233
was published
for
paratrooper-pingdom
(RubyGems)
Oct 24, 2017
Insecure use of temporary files in passenger
Low
CVE-2014-1831
was published
for
passenger
(RubyGems)
Oct 10, 2018
Octopoller gem published with world-writable files
Low
CVE-2022-31071
was published
for
octopoller
(RubyGems)
Jun 15, 2022
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Low
CVE-2013-0162
was published
for
ruby_parser
(RubyGems)
May 5, 2022
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
ReDoS based DoS vulnerability in Active Support's underscore
Low
CVE-2023-22796
was published
for
activesupport
(RubyGems)
Jan 18, 2023
Active Support Possibly Discloses Locally Encrypted Files
Low
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Low
CVE-2014-1234
was published
for
paratrooper-newrelic
(RubyGems)
Oct 24, 2017
RuboCop gem Insecure use of /tmp
Low
CVE-2017-8418
was published
for
rubocop
(RubyGems)
Nov 15, 2017
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Low
CVE-2014-0135
was published
for
kafo
(RubyGems)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API