Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

897 advisories

Loading
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
TurboBoost Commands vulnerable to arbitrary method invocation High
CVE-2024-28181 was published for @turbo-boost/commands (RubyGems) Mar 15, 2024
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
StimulusReflex arbitrary method call High
CVE-2024-28121 was published for stimulus_reflex (RubyGems) Mar 12, 2024
FelixMartel marcoroth
matt-phylum
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex High
CVE-2024-28199 was published for phlex (RubyGems) Mar 12, 2024
p8 joeldrapper
willcosgrove
Cross Site Scripting vulnerability in Contribsys Sidekiq Moderate
CVE-2023-46950 was published for sidekiq-unique-jobs (RubyGems) Mar 1, 2024
json-jwt allows bypass of identity checks via a sign/encryption confusion attack Moderate
CVE-2023-51774 was published for json-jwt (RubyGems) Feb 29, 2024
postmodern sorah
Capncavedan
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) Moderate
CVE-2024-25126 was published for rack (RubyGems) Feb 28, 2024
byroot
Rack has possible DoS Vulnerability with Range Header Low
CVE-2024-26141 was published for rack (RubyGems) Feb 28, 2024
ooooooo-q
Rack Header Parsing leads to Possible Denial of Service Vulnerability Low
CVE-2024-26146 was published for rack (RubyGems) Feb 28, 2024
SValkanov
YARD's default template vulnerable to Cross-site Scripting in generated frames.html Moderate
CVE-2024-27285 was published for yard (RubyGems) Feb 28, 2024
avivkeller
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
Rails has possible XSS Vulnerability in Action Controller Moderate
CVE-2024-26143 was published for actionpack (RubyGems) Feb 27, 2024
ooooooo-q yoshizawa-masatoshi
postmodern stdedos
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch Low
CVE-2024-26142 was published for actionpack (RubyGems) Feb 27, 2024
SValkanov yoshizawa-masatoshi
postmodern
Rack CORS Middleware has Insecure File Permissions Moderate
CVE-2024-27456 was published for rack-cors (RubyGems) Feb 26, 2024
guiferrpereira joaomarcos96
Cross-site scripting (XSS) in the dynamic file uploads Moderate
CVE-2023-51447 was published for decidim (RubyGems) Feb 20, 2024
ctrgrb ahukkanen
Possibility to circumvent the invitation token expiry period Moderate
CVE-2023-48220 was published for decidim (RubyGems) Feb 20, 2024
ahukkanen ctrgrb
Possible CSRF attack at questionnaire templates preview Moderate
CVE-2023-47635 was published for decidim-templates (RubyGems) Feb 20, 2024
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi alecslupu
andreslucena
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062 Moderate
GHSA-xc9x-jj77-9p9j was published for nokogiri (RubyGems) Feb 5, 2024
yoshizawa-masatoshi lumaxis
Cross-site scripting (XSS) in Action messages on Avo Moderate
CVE-2024-22411 was published for avo (RubyGems) Jan 17, 2024
stevegeek tamaloa
avo vulnerable to stored cross-site scripting (XSS) in key_value field High
CVE-2024-22191 was published for avo (RubyGems) Jan 16, 2024
Mys7ic FLX-0x00
tamaloa
Devise-Two-Factor vulnerable to brute force attacks Moderate
CVE-2024-0227 was published for devise-two-factor (RubyGems) Jan 12, 2024 withdrawn
bsedat
Puma HTTP Request/Response Smuggling vulnerability Moderate
CVE-2024-21647 was published for puma (RubyGems) Jan 8, 2024
bartekn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database