GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

498 advisories

Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
Credited to shinkbr
ActionText ContentAttachment can Contain Unsanitized HTML Moderate
CVE-2024-32464 was published for actiontext (RubyGems) Jun 4, 2024
Credited to ooooooo-q
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
Credited to G-Rath
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
Credited to chadlwilson
Sidekiq vulnerable to a Reflected XSS in Queues Web Page Moderate
CVE-2024-32887 was published for sidekiq (RubyGems) Apr 26, 2024
Credited to UmerAdeemCheema
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
Credited to a-zara-n
Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader Moderate
GHSA-vcc3-rw6f-jv97 was published for nokogiri (RubyGems) Mar 18, 2024 withdrawn
Credited to postmodern
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
Credited to G-Rath
Cross Site Scripting vulnerability in Contribsys Sidekiq Moderate
CVE-2023-46950 was published for sidekiq-unique-jobs (RubyGems) Mar 1, 2024
json-jwt allows bypass of identity checks via a sign/encryption confusion attack Moderate
CVE-2023-51774 was published for json-jwt (RubyGems) Feb 29, 2024
Credited to postmodern, sorah, and Capncavedan
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
Credited to byroot
YARD's default template vulnerable to Cross-site Scripting in generated frames.html Moderate
CVE-2024-27285 was published for yard (RubyGems) Feb 28, 2024
Credited to avivkeller
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
Credited to yoshizawa-masatoshi, tyage, and postmodern
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
Credited to ooooooo-q, yoshizawa-masatoshi, postmodern, and stdedos
Rack CORS Middleware has Insecure File Permissions Moderate
CVE-2024-27456 was published for rack-cors (RubyGems) Feb 26, 2024
Credited to guiferrpereira and joaomarcos96
Cross-site scripting (XSS) in the dynamic file uploads Moderate
CVE-2023-51447 was published for decidim (RubyGems) Feb 20, 2024
Credited to ctrgrb and ahukkanen
Possibility to circumvent the invitation token expiry period Moderate
CVE-2023-48220 was published for decidim (RubyGems) Feb 20, 2024
Credited to ahukkanen and ctrgrb
Possible CSRF attack at questionnaire templates preview Moderate
CVE-2023-47635 was published for decidim-templates (RubyGems) Feb 20, 2024
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 Moderate
GHSA-xc9x-jj77-9p9j was published for nokogiri (RubyGems) Feb 5, 2024
Credited to yoshizawa-masatoshi and lumaxis
Cross-site scripting (XSS) in Action messages on Avo Moderate
CVE-2024-22411 was published for avo (RubyGems) Jan 17, 2024
Credited to stevegeek and tamaloa
Devise-Two-Factor vulnerable to brute force attacks Moderate
CVE-2024-0227 was published for devise-two-factor (RubyGems) Jan 12, 2024 withdrawn
Credited to bsedat
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
Credited to bartekn
view_component Cross-site Scripting vulnerability Moderate
CVE-2024-21636 was published for view_component (RubyGems) Jan 4, 2024
Credited to BlakeWilliams and camertron
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability Moderate
GHSA-g47j-3m2m-74qv was published for httparty (RubyGems) Jan 4, 2024 withdrawn