Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Directory traversal vulnerability in Action View in Ruby on Rails High
CVE-2016-0752 was published for actionpack (RubyGems) Oct 24, 2017
Path Traversal vulnerability that affects yard High
CVE-2019-1020001 was published for yard (RubyGems) Jul 2, 2019
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
actionview contains Path Traversal vulnerability Moderate
CVE-2016-2097 was published for actionpack (RubyGems) Oct 24, 2017
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal High
CVE-2023-38337 was published for rswag (RubyGems) Jul 15, 2023
Mail Gem Path Traversal vulnerability Moderate
CVE-2012-2139 was published for mail (RubyGems) Oct 24, 2017
Mongrel vulnerable to directory traversal via double-encoded sequences Moderate
CVE-2007-6612 was published for mongrel (RubyGems) May 1, 2022
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
archive-tar-minitar and minitar vulnerable to Path Traversal High
CVE-2016-10173 was published for archive-tar-minitar (RubyGems) Oct 24, 2017
RubyGems Delete directory using symlink when decompressing tar High
CVE-2019-8320 was published for rubygems-update (RubyGems) Jun 20, 2019
Directory traversal in Rack::Directory app bundled with Rack High
CVE-2020-8161 was published for rack (RubyGems) Jul 6, 2020
Directory traversal vulnerability in RubyZip Critical
CVE-2017-5946 was published for rubyzip (RubyGems) Oct 24, 2017
tdunlap607
Rack Vulnerable to Path Traversal Moderate
CVE-2013-0262 was published for rack (RubyGems) Oct 24, 2017
Directory traversal vulnerability in actionpack Moderate
CVE-2014-7829 was published for actionpack (RubyGems) Oct 24, 2017
actionpack vulnerable to Path Traversal Moderate
CVE-2014-7818 was published for actionpack (RubyGems) Oct 24, 2017
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
actionpack Path Traversal vulnerability Moderate
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
Arbitrary file read vulnerability in yard server High
CVE-2017-17042 was published for yard (RubyGems) Dec 21, 2017
Wicked gem contains Path traversal vulnerability Moderate
CVE-2013-4413 was published for wicked (RubyGems) Oct 24, 2017
sinatra does not validate expanded path matches High
CVE-2022-29970 was published for sinatra (RubyGems) May 3, 2022
ProTip! Advisories are also available from the GraphQL API