GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
377 advisories
Filter by severity
Decidim: JWT-backed authentication can be replayed across organizations
High
CVE-2026-45414
was published
for
decidim
(RubyGems)
Jul 13, 2026
Decidim: Verification documents can be downloaded through reusable links
High
CVE-2026-45378
was published
for
decidim-verifications
(RubyGems)
Jul 13, 2026
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`
High
CVE-2026-53727
was published
for
css_parser
(RubyGems)
Jul 9, 2026
pay-rails/pay: non-constant-time HMAC comparison in Paddle Billing webhook signature verifier
High
GHSA-mjgf-xj26-9qf9
was published
for
pay
(RubyGems)
Jul 1, 2026
Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`
High
CVE-2026-44161
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
High
CVE-2026-44160
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
High
CVE-2026-44025
was published
for
fluentd
(RubyGems)
Jun 26, 2026
Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
High
CVE-2026-54904
was published
for
concurrent-ruby
(RubyGems)
Jun 19, 2026
Oj: Integer Overflow in Oj.load 2GB String Handling
High
CVE-2026-54903
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
High
CVE-2026-54902
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
High
CVE-2026-54901
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling
High
CVE-2026-54900
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
High
CVE-2026-54898
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close
High
CVE-2026-54897
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
High
CVE-2026-54896
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input
High
CVE-2026-54592
was published
for
oj
(RubyGems)
Jun 19, 2026
Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
High
CVE-2026-54297
was published
for
faraday
(RubyGems)
Jun 19, 2026
Oj: Stack Buffer Overflow in Oj.dump via Large Indent
High
CVE-2026-54502
was published
for
oj
(RubyGems)
Jun 19, 2026
Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle
High
CVE-2026-54899
was published
for
oj
(RubyGems)
Jun 19, 2026
AlchemyCMS: Unauthenticated nested page API leaks restricted & unpublished content
High
GHSA-mqq5-j7w8-2hgh
was published
for
alchemy_cms
(RubyGems)
Jun 19, 2026
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
High
CVE-2026-47737
was published
for
puma
(RubyGems)
Jun 9, 2026
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
High
CVE-2026-47736
was published
for
puma
(RubyGems)
Jun 8, 2026
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
High
CVE-2026-45363
was published
for
jwt
(RubyGems)
May 18, 2026
katalyst-koi: Session cookies can be replayed after user logout
High
CVE-2026-44511
was published
for
katalyst-koi
(RubyGems)
May 7, 2026
Nokogiri CSS selector tokenizer has regular expression backtracking
High
GHSA-c4rq-3m3g-8wgx
was published
for
nokogiri
(RubyGems)
May 6, 2026
ProTip!
Advisories are also available from the
GraphQL API