Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

309 advisories

Loading
Thor can construct an unsafe shell command from library input. High
CVE-2025-54314 was published for thor (RubyGems) Jul 20, 2025
odaysec
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework High
CVE-2023-0669 was published for metasploit-framework (RubyGems) Feb 6, 2023 withdrawn
smcintyre-r7
Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class High
CVE-2025-53623 was published for job-iteration (RubyGems) Jul 14, 2025
calysteon
Path Traversal in Action View High
CVE-2019-5418 was published for actionview (RubyGems) Mar 13, 2019
Fluent Fluentd and Fluent-ui use default password High
CVE-2020-21514 was published for fluentd-ui (RubyGems) Apr 4, 2023
kenhys
OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint High
CVE-2025-28382 was published for openc3-cosmos-tool-iframe (RubyGems) Jun 13, 2025
WEBRick vulnerable to HTTP Request/Response Smuggling High
CVE-2020-25613 was published for webrick (RubyGems) May 24, 2022
decsecre583
Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-3hp8-6j24-m5gm was published for camaleon_cms (RubyGems) Sep 23, 2024 withdrawn
postmodern
Nokogiri Improperly Handles Unexpected Data Type High
CVE-2022-29181 was published for nokogiri (RubyGems) May 23, 2022
agustingianni decsecre583
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) High
GHSA-7x4w-cj9r-h4v9 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Denial of Service in uap-core when processing crafted User-Agent strings High
GHSA-pcqq-5962-hvcw was published for user_agent_parser (RubyGems) Mar 10, 2020
bcaller
Rack has an Unbounded-Parameter DoS in Rack::QueryParser High
CVE-2025-46727 was published for rack (RubyGems) May 8, 2025
TaiPhung217 jeremyevans
ioquatix
protobuf-java has potential Denial of Service issue High
CVE-2024-7254 was published for com.google.protobuf:protobuf-java (RubyGems) Sep 19, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182) High
CVE-2024-46986 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Elasticsearch Logstash allows remote attackers to execute arbitrary commands High
CVE-2014-4326 was published for logstash (RubyGems) May 14, 2022
postmodern tdeo
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
ruby-git has potential remote code execution vulnerability High
CVE-2022-46648 was published for git (RubyGems) Jan 9, 2023
Ruby on Rails vulnerable to code injection High
CVE-2006-4111 was published for rails (RubyGems) Oct 24, 2017
Rails Denial of Service vulnerability High
CVE-2006-4112 was published for rails (RubyGems) Oct 24, 2017
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
levpachmanov
SQL Injection in Active Record High
CVE-2014-3482 was published for activerecord (RubyGems) Oct 24, 2017
levpachmanov
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs High
GHSA-mrxw-mxhj-p664 was published for nokogiri (RubyGems) Mar 14, 2025
Local File Inclusion in Rack::Static High
CVE-2025-27610 was published for rack (RubyGems) Mar 10, 2025
Masamuneee jeremyevans
ioquatix
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database