GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
61 advisories
Filter by severity
Possible Content Security Policy bypass in Action Dispatch
Low
CVE-2024-54133
was published
for
actionpack
(RubyGems)
Dec 10, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53989
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53988
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53987
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53986
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations
Low
CVE-2024-53985
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
Password Pusher rate limiter can be bypassed by forging proxy headers
Low
CVE-2024-52796
was published
for
pwpush
(RubyGems)
Nov 20, 2024
RDoc RCE vulnerability with .rdoc_options
Low
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r3w4-36x6-7r99
was published
for
nokogiri
(RubyGems)
May 14, 2024
•
withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r95h-9x8f-r3f7
was published
for
nokogiri
(RubyGems)
May 13, 2024
Cross-site Scripting in actionpack
Low
CVE-2022-3704
was published
for
actionpack
(RubyGems)
Oct 27, 2022
•
withdrawn
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Low
CVE-2024-26142
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Low
CVE-2024-26146
was published
for
rack
(RubyGems)
Feb 28, 2024
Rack has possible DoS Vulnerability with Range Header
Low
CVE-2024-26141
was published
for
rack
(RubyGems)
Feb 28, 2024
Puppet arbitrary files overwrite via a symlink attack
Low
CVE-2010-0156
was published
for
puppet
(RubyGems)
May 2, 2022
ReDoS based DoS vulnerability in Action Dispatch
Low
CVE-2023-22792
was published
for
actionpack
(RubyGems)
Jan 18, 2023
Puppet Denial of Service and Arbitrary File Write
Low
CVE-2012-1987
was published
for
puppet
(RubyGems)
May 14, 2022
Malicious URL drafting attack against iodines static file server may allow path traversal
Low
CVE-2024-22050
was published
for
iodine
(RubyGems)
Oct 7, 2019
Race Condition leading to logging errors
Low
CVE-2024-22047
was published
for
audited
(RubyGems)
May 1, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Low
GHSA-qwf7-rv77-fcr3
was published
for
iodine
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
GHSA-4mvm-xh8j-fv27
was published
for
govuk_tech_docs
(RubyGems)
Jan 4, 2024
•
withdrawn
Duplicate Advisory: Race Condition leading to logging errors
Low
GHSA-v444-jggx-6v7f
was published
for
audited
(RubyGems)
Jan 4, 2024
•
withdrawn
Puppet allows local users to obtain sensitive configuration information
Low
CVE-2012-3866
was published
for
puppet
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API