GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
147 advisories

Fat Free CRM subject to Cross-site Scripting
  Moderate | CVE-2014-5441 was published for fat_free_crm (RubyGems) | May 17, 2022

Loofah Cross-site Scripting vulnerability
  Moderate | CVE-2018-16468 was published for loofah (RubyGems) | Nov 1, 2018

Cross-site Scripting in Chartkick
  Moderate | CVE-2019-12732 was published for chartkick (RubyGems) | Jun 7, 2019

rails-html-sanitizer Cross-site Scripting vulnerability
  Moderate | CVE-2015-7578 was published for rails-html-sanitizer (RubyGems) | Oct 24, 2017

paperclip Cross-site Scripting vulnerability
  Moderate | CVE-2015-2963 was published for paperclip (RubyGems) | Oct 24, 2017

rails-html-sanitizer Cross-site Scripting vulnerability
  Moderate | CVE-2015-7580 was published for rails-html-sanitizer (RubyGems) | Oct 24, 2017

rails-html-sanitizer Cross-site Scripting vulnerability
  Moderate | CVE-2015-7579 was published for rails-html-sanitizer (RubyGems) | Oct 24, 2017

Cross-site Scripting in Sidekiq
  Moderate | CVE-2021-30151 was published for sidekiq (RubyGems) | Oct 6, 2021

Cross-site scripting in padrino-contrib
  Moderate | CVE-2019-16145 was published for padrino-contrib (RubyGems) | Sep 23, 2019

radiant vulnerable to Cross-site Scripting
  Moderate | CVE-2018-7261 was published for radiant (RubyGems) | Jul 27, 2018

Camaleon CMS Stored Cross-site Scripting vulnerability
  Moderate | CVE-2021-25969 was published for camaleon_cms (RubyGems) | May 24, 2022

Ember.js Cross-site Scripting vulnerability
  Moderate | CVE-2014-0013 was published for ember-source (RubyGems) | May 14, 2022

Cross site scripting in publify
  Moderate | CVE-2021-25974 was published for publify_core (RubyGems) | May 24, 2022

Cross site scripting in publify
  Moderate | CVE-2021-25975 was published for publify_core (RubyGems) | May 24, 2022

Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
  Moderate | CVE-2020-35305 was published for gollum (RubyGems) | Jul 16, 2022

Radiant CMS vulnerable to Cross-site Scripting
  Moderate | CVE-2018-5216 was published for radiant (RubyGems) | Jan 6, 2018

Improper neutralization of `noscript` element content may allow XSS in Sanitize
  Moderate | CVE-2023-23627 was published for sanitize (RubyGems) | Jan 28, 2023

rails-html-sanitizer Cross-site Scripting vulnerability
  Moderate | CVE-2018-3741 was published for rails-html-sanitizer (RubyGems) | Apr 26, 2018

Camaleon CMS vulnerable to Stored Cross-site Scripting
  Moderate | CVE-2018-18260 was published for camaleon_cms (RubyGems) | May 13, 2022

katello Cross-site Scripting vulnerability
  Moderate | CVE-2018-16887 was published for katello (RubyGems) | May 14, 2022

xapian-core Cross-site Scripting vulnerability
  Moderate | CVE-2018-0499 was published for xapian-core (RubyGems) | May 14, 2022

Gem in a Box vulnerable to Cross-site Scripting
  Moderate | CVE-2017-14506 was published for geminabox (RubyGems) | May 13, 2022

RubyGems Cross-site Scripting vulnerability
  Moderate | CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) | May 14, 2022

grape subject to Cross-site Scripting
  Moderate | CVE-2018-3769 was published for grape (RubyGems) | Aug 13, 2018

Geminabox contains Cross-site Scripting
  Moderate | CVE-2017-16792 was published for geminabox (RubyGems) | Nov 29, 2017

ProTip! Advisories are also available from the GraphQL API.