GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

300 advisories

git-fastclone permits arbitrary shell command execution from .gitmodules (severity: High)
CVE-2015-8968 was published for git-fastclone (RubyGems) Aug 15, 2018
Curl Gem insufficient URL escaping command injection (severity: High)
CVE-2013-2617 was published for curl (RubyGems) Oct 24, 2017
extlib does not properly restrict casts of string values (severity: High)
CVE-2013-1802 was published for extlib (RubyGems) Oct 24, 2017
sfpagent Command Injection vulnerability (severity: High)
CVE-2014-2888 was published for sfpagent (RubyGems) Oct 24, 2017
Nokogiri contains libxml Out-of-bounds Write vulnerability (severity: High)
CVE-2021-3517 was published for nokogiri (RubyGems) May 24, 2022
Thumbshooter vulnerable to Code Injection (severity: High)
CVE-2013-1898 was published for thumbshooter (RubyGems) Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection (severity: High)
CVE-2013-2615 was published for fastreader (RubyGems) Oct 24, 2017
RubyGems Escape sequence injection vulnerability in API response handling (severity: High)
CVE-2019-8323 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in verbose (severity: High)
CVE-2019-8321 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection in errors (severity: High)
CVE-2019-8325 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Delete directory using symlink when decompressing tar (severity: High)
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Code injection in RubyGems (severity: High)
CVE-2019-8324 was published for rubygems-update (RubyGems) Jun 20, 2019
Directory traversal in Rack::Directory app bundled with Rack (severity: High)
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names (severity: High)
CVE-2020-8184 was published for rack (RubyGems) Jun 24, 2020
Ruby-saml allows attackers to perform XML signature wrapping attacks (severity: High)
CVE-2016-5697 was published for ruby-saml (RubyGems) Aug 21, 2018
Ox gem crashes due to a crafted input (severity: High)
CVE-2017-15928 was published for ox (RubyGems) Nov 21, 2017
Omniauth allows POST parameters to be stored in session (severity: High)
CVE-2017-18076 was published for omniauth (RubyGems) Jan 29, 2018
Nokogiri gem, via libxml, is affected by DoS vulnerabilities (severity: High)
CVE-2017-15412 was published for nokogiri (RubyGems) May 14, 2022
Nokogiri NULL Pointer Dereference (severity: High)
CVE-2018-14404 was published for nokogiri (RubyGems) Jan 17, 2019
Nokogiri subject to DoS via libxml2 vulnerability (severity: High)
CVE-2015-5312 was published for nokogiri (RubyGems) Aug 21, 2018
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource (severity: High)
CVE-2019-18409 was published for ruby_parser-legacy (RubyGems) Oct 25, 2019
JSON-jwt Gem lacked element count during splitting of JWE string (severity: High)
CVE-2019-18848 was published for json-jwt (RubyGems) Nov 14, 2019
RubyGems vulnerable to DNS hijack attack (severity: High)
CVE-2015-3900 was published for rubygems-update (RubyGems) May 14, 2022
PgHero gem allows CSRF (severity: High)
CVE-2020-16253 was published for pghero (RubyGems) Aug 5, 2020
Pgsync Contains Cleartext Transmission of Sensitive Information (severity: High)
CVE-2021-31671 was published for pgsync (RubyGems) Apr 27, 2021