Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
CSS Injection in Chartkick gem Moderate
CVE-2020-16254 was published for chartkick (RubyGems) Aug 12, 2020
ExifTool vulnerable to arbitrary code execution High
GHSA-q95h-cqrv-8jv5 was published for exiftool_vendored (RubyGems) Jan 20, 2023
dgollahon
Unsanitized input leading to code injection in Dalli Low
CVE-2022-4064 was published for dalli (RubyGems) Nov 19, 2022
Command injection in cocoapods-downloader High
CVE-2022-21223 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
Command injection in cocoapods-downloader High
CVE-2022-24440 was published for cocoapods-downloader (RubyGems) Apr 2, 2022
tdunlap607
Code Injection vulnerability in CarrierWave::RMagick High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
wonda-tea-coffee
Injection/XSS in Redcarpet Moderate
CVE-2020-26298 was published for redcarpet (RubyGems) Jan 11, 2021
field_test gem contains injection vulnerability Moderate
CVE-2019-13146 was published for field_test (RubyGems) Jul 16, 2019
Features file injection vulnerability Moderate
CVE-2013-4318 was published for features (RubyGems) May 5, 2022
richardfan0606
activesupport in Rails vulnerable to incorrect data conversion High
CVE-2013-0333 was published for activesupport (RubyGems) Oct 24, 2017
RubyGems Escape sequence injection in errors High
CVE-2019-8325 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGems Escape sequence injection vulnerability in api response handling High
CVE-2019-8323 was published for rubygems-update (RubyGems) Jun 20, 2019
RubyGem openshift-origin-controller is vulnerable to command injection Critical
CVE-2013-2095 was published for openshift-origin-controller (RubyGems) May 5, 2022
crack does not properly restrict casts of string values High
CVE-2013-1800 was published for crack (RubyGems) Oct 24, 2017
RubyGems Escape sequence injection vulnerability in gem owner High
CVE-2019-8322 was published for rubygems-update (RubyGems) Jun 20, 2019
Remote code execution in dependabot-core branch names when cloning High
CVE-2020-26222 was published for dependabot-common (RubyGems) Nov 13, 2020
mrthankyou
Code injection in dragonfly gem High
CVE-2013-5671 was published for dragonfly (RubyGems) Oct 24, 2017
G-Rath
HTTP Response Splitting (Early Hints) in Puma Moderate
CVE-2020-5249 was published for puma (RubyGems) Mar 3, 2020
HTTParty does not restrict casts of string values High
CVE-2013-1801 was published for httparty (RubyGems) Oct 24, 2017
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
HTTP response splitting in CGI High
CVE-2021-33621 was published for cgi (RubyGems) Nov 19, 2022
meineerde
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
RDoc RCE vulnerability with .rdoc_options Moderate
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Arbitrary Code Execution in Rdoc High
CVE-2021-31799 was published for rdoc (RubyGems) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database