GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
Password Pusher rate limiter can be bypassed by forging proxy headers
Low
CVE-2024-52796
was published
for
pwpush
(RubyGems)
Nov 20, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r3w4-36x6-7r99
was published
for
nokogiri
(RubyGems)
May 14, 2024
•
withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r95h-9x8f-r3f7
was published
for
nokogiri
(RubyGems)
May 13, 2024
RDoc RCE vulnerability with .rdoc_options
Low
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Rack has possible DoS Vulnerability with Range Header
Low
CVE-2024-26141
was published
for
rack
(RubyGems)
Feb 28, 2024
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Low
CVE-2024-26146
was published
for
rack
(RubyGems)
Feb 28, 2024
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Low
CVE-2024-26142
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
GHSA-4mvm-xh8j-fv27
was published
for
govuk_tech_docs
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Low
GHSA-qwf7-rv77-fcr3
was published
for
iodine
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: Race Condition leading to logging errors
Low
GHSA-v444-jggx-6v7f
was published
for
audited
(RubyGems)
Jan 4, 2024
•
withdrawn
Active Support Possibly Discloses Locally Encrypted Files
Low
CVE-2023-38037
was published
for
activesupport
(RubyGems)
Aug 23, 2023
Spina Cross-site Scripting vulnerability
Low
CVE-2023-3445
was published
for
spina
(RubyGems)
Jun 28, 2023
Race Condition leading to logging errors
Low
CVE-2024-22047
was published
for
audited
(RubyGems)
May 1, 2023
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Low
CVE-2023-30618
was published
for
kitchen-terraform
(RubyGems)
Apr 24, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
Possible Denial of Service Vulnerability in Rack's header parsing
Low
CVE-2023-27539
was published
for
rack
(RubyGems)
Mar 15, 2023
Denial of Service Vulnerability in Rack Content-Disposition parsing
Low
CVE-2022-44571
was published
for
rack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22792
was published
for
actionpack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Active Support's underscore
Low
CVE-2023-22796
was published
for
activesupport
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22795
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Denial of service via multipart parsing in Rack
Low
CVE-2022-44572
was published
for
rack
(RubyGems)
Jan 18, 2023
ReDoS based DoS vulnerability in GlobalID
Low
CVE-2023-22799
was published
for
globalid
(RubyGems)
Jan 18, 2023
Unsanitized input leading to code injection in Dalli
Low
CVE-2022-4064
was published
for
dalli
(RubyGems)
Nov 19, 2022
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Low
CVE-2022-39379
was published
for
fluentd
(RubyGems)
Nov 2, 2022
ProTip!
Advisories are also available from the
GraphQL API