Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

885 advisories

Loading
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content High
CVE-2023-36823 was published for sanitize (RubyGems) Jul 6, 2023
cure53
Connection confusion in gRPC High
CVE-2023-32731 was published for grpc (RubyGems) Jul 5, 2023
jmatosgrafana picatz
jonasfj
URI gem has ReDoS vulnerability Moderate
CVE-2023-36617 was published for uri (RubyGems) Jun 29, 2023
jasnow maxfelsher-cgi
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to Moderate
CVE-2023-28362 was published for actionpack (RubyGems) Jun 29, 2023
Spina Cross-site Scripting vulnerability Low
CVE-2023-3445 was published for spina (RubyGems) Jun 28, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Doorkeeper Improper Authentication vulnerability Moderate
CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023
hickford rgammans
adam-h nbudin nbulaj
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements Moderate
CVE-2023-23913 was published for actionview (RubyGems) Jun 9, 2023
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability Moderate
CVE-2023-27531 was published for kredis (RubyGems) Jun 9, 2023
RedCloth Regular Expression Denial of Service issue High
CVE-2023-31606 was published for RedCloth (RubyGems) Jun 6, 2023
trautlein
avo possible unsafe reflection / partial DoS vulnerability High
CVE-2023-34102 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields High
CVE-2023-34103 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00 Mys7ic
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
Server-Side Template Injection in Camaleon CMS Critical
CVE-2023-30145 was published for camaleon_cms (RubyGems) May 26, 2023
Race Condition leading to logging errors Low
CVE-2024-22047 was published for audited (RubyGems) May 1, 2023
htrgouvea giovannism20
danielmorrison
Buffer overflow in sponge queue functions Critical
CVE-2022-37454 was published for pysha3 (RubyGems) Apr 26, 2023
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform Low
CVE-2023-30618 was published for kitchen-terraform (RubyGems) Apr 24, 2023
brettcurtis
sidekiq vulnerable to cross-site scripting High
CVE-2023-1892 was published for sidekiq (RubyGems) Apr 21, 2023
aripollak
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay High
CVE-2023-30614 was published for pay (RubyGems) Apr 20, 2023
p- excid3
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service Moderate
GHSA-48wp-p9qv-4j64 was published for commonmarker (RubyGems) Apr 11, 2023
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs Moderate
GHSA-pxvg-2qj5-37jq was published for nokogiri (RubyGems) Apr 11, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton
Fluent Fluentd and Fluent-ui use default password High
CVE-2020-21514 was published for fluentd (RubyGems) Apr 4, 2023
Ruby Time component ReDoS issue High
CVE-2023-28756 was published for time (RubyGems) Mar 31, 2023
Ruby URI component ReDoS issue High
CVE-2023-28755 was published for uri (RubyGems) Mar 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database