Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,794
Maven
5,000+
npm
4,402
NuGet
772
pip
4,179
Pub
12
RubyGems
965
Rust
1,075
Swift
45
Unreviewed advisories
All unreviewed
5,000+

8,782 advisories

Loading
activerecord vulnerable to SQL Injection High
CVE-2011-0448 was published for activerecord (RubyGems) Oct 24, 2017
tdunlap607
Credited to tdunlap607
High severity vulnerability that affects thin High
CVE-2009-3287 was published for thin (RubyGems) Oct 24, 2017
Ruby on Rails vulnerable to code injection High
CVE-2006-4111 was published for rails (RubyGems) Oct 24, 2017
Remote code execution in rwiki High
CVE-2006-2582 was published for rwiki (RubyGems) Oct 24, 2017
Rails Denial of Service vulnerability High
CVE-2006-4112 was published for rails (RubyGems) Oct 24, 2017
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
actionpack allows remote attackers to bypass intended access restrictions High
CVE-2011-0449 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
Credited to ShayAry
Thumbshooter vulnerable to Code Injection High
CVE-2013-1898 was published for thumbshooter (RubyGems) Oct 24, 2017
extlib does not properly restrict casts of string values High
CVE-2013-1802 was published for extlib (RubyGems) Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2615 was published for fastreader (RubyGems) Oct 24, 2017
crack does not properly restrict casts of string values High
CVE-2013-1800 was published for crack (RubyGems) Oct 24, 2017
Improper Input Validation in multi_xml High
CVE-2013-0175 was published for multi_xml (RubyGems) Oct 24, 2017
tdunlap607
Credited to tdunlap607
Curl Gem insufficient URL escaping command injection High
CVE-2013-2617 was published for curl (RubyGems) Oct 24, 2017
rgpg Code Injection vulnerability High
CVE-2013-4203 was published for rgpg (RubyGems) Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2616 was published for mini_magick (RubyGems) Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability High
CVE-2013-5647 was published for sounder (RubyGems) Oct 24, 2017
Shell command injection in command_wrap High
CVE-2013-1875 was published for command_wrap (RubyGems) Oct 24, 2017
Code injection in dragonfly gem High
CVE-2013-5671 was published for dragonfly (RubyGems) Oct 24, 2017
G-Rath
Credited to G-Rath
JSON gem has Improper Input Validation vulnerability High
CVE-2013-0269 was published for json (RubyGems) Oct 24, 2017
HTTParty does not restrict casts of string values High
CVE-2013-1801 was published for httparty (RubyGems) Oct 24, 2017
nori contains Improper Input Validation High
CVE-2013-0285 was published for nori (RubyGems) Oct 24, 2017
tdunlap607
Credited to tdunlap607
activesupport in Rails vulnerable to incorrect data conversion High
CVE-2013-0333 was published for activesupport (RubyGems) Oct 24, 2017
Dragonfly Code Injection vulnerability High
CVE-2013-1756 was published for dragonfly (RubyGems) Oct 24, 2017
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
Puppet Improper Input Validation vulnerability High
CVE-2013-3567 was published for puppet (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database