Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

134,825 advisories

Loading
actionpack Improper Input Validation vulnerability Moderate
CVE-2014-0082 was published for actionpack (RubyGems) Oct 24, 2017
Array data injection vulnerability in activerecord Moderate
CVE-2014-0080 was published for activerecord (RubyGems) Oct 24, 2017
rack-ssl Cross-site Scripting vulnerability Moderate
CVE-2014-2538 was published for rack-ssl (RubyGems) Oct 24, 2017
actionpack vulnerable to Cross-site Scripting Moderate
CVE-2013-6415 was published for actionpack (RubyGems) Oct 24, 2017
actionpack allows bypass of database-query restrictions Moderate
CVE-2013-6417 was published for actionpack (RubyGems) Oct 24, 2017
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information Moderate
CVE-2015-1840 was published for jquery-rails (RubyGems) Oct 24, 2017
Rack vulnerable to Denial of Service via large parameter depth request Moderate
CVE-2015-3225 was published for rack (RubyGems) Oct 24, 2017
Active Record Improper Access Control Moderate
CVE-2015-7577 was published for activerecord (RubyGems) Oct 24, 2017
Root Path Disclosure in send Moderate
CVE-2015-8859 was published for send (npm) Oct 24, 2017
tdunlap607
Rails vulnerable to Cross-site Scripting Moderate
CVE-2014-0081 was published for actionpack (RubyGems) Oct 24, 2017
actionpack Path Traversal vulnerability Moderate
CVE-2014-0130 was published for actionpack (RubyGems) Oct 24, 2017
Exposure of Sensitive Information in bio-basespace-sdk Moderate
CVE-2013-7111 was published for bio-basespace-sdk (RubyGems) Oct 24, 2017
sprockets vulnerable to Path Traversal Moderate
CVE-2014-7819 was published for sprockets (RubyGems) Oct 24, 2017
actionpack vulnerable to Path Traversal Moderate
CVE-2014-7818 was published for actionpack (RubyGems) Oct 24, 2017
Directory traversal vulnerability in actionpack Moderate
CVE-2014-7829 was published for actionpack (RubyGems) Oct 24, 2017
paperclip Cross-site Scripting vulnerability Moderate
CVE-2015-2963 was published for paperclip (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7578 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
will_paginate Cross-site Scripting vulnerability Moderate
CVE-2013-6459 was published for will_paginate (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7580 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
activesupport Cross-site Scripting vulnerability Moderate
CVE-2015-3226 was published for activesupport (RubyGems) Oct 24, 2017
Rack rubygems receiving excessively long lines triggers out-of-memory error Moderate
CVE-2013-0183 was published for rack (RubyGems) Oct 24, 2017
activesupport Improper Input Validation vulnerability Moderate
CVE-2013-1856 was published for activesupport (RubyGems) Oct 24, 2017
Denial of service in ruby-openid Moderate
CVE-2013-1812 was published for ruby-openid (RubyGems) Oct 24, 2017
Spree Improper Input Validation vulnerability Moderate
CVE-2013-1656 was published for spree (RubyGems) Oct 24, 2017
omniauth-oauth2 Cross-Site Request Forgery vulnerability Moderate
CVE-2012-6134 was published for omniauth-oauth2 (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database