Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

377 advisories

Loading
Decidim: JWT-backed authentication can be replayed across organizations High
CVE-2026-45414 was published for decidim (RubyGems) Jul 13, 2026
Decidim: Verification documents can be downloaded through reusable links High
CVE-2026-45378 was published for decidim-verifications (RubyGems) Jul 13, 2026
andreslucena Credited to andreslucena
Ruby CSS Parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file` High
CVE-2026-53727 was published for css_parser (RubyGems) Jul 9, 2026
JLLeitschuh Credited to JLLeitschuh
pay-rails/pay: non-constant-time HMAC comparison in Paddle Billing webhook signature verifier High
GHSA-mjgf-xj26-9qf9 was published for pay (RubyGems) Jul 1, 2026
tonghuaroot Credited to tonghuaroot
kocaemre Credited to kocaemre, G-Rath, iBotPeaches, Starfox64, sfriedman-cape, and maikelvdh G-Rath G-Rath
iBotPeaches iBotPeaches Starfox64 Starfox64 sfriedman-cape sfriedman-cape maikelvdh maikelvdh
Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http` High
CVE-2026-44161 was published for fluentd (RubyGems) Jun 26, 2026
everping Credited to everping
everping Credited to everping
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API High
CVE-2026-44025 was published for fluentd (RubyGems) Jun 26, 2026
everping Credited to everping
Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN` High
CVE-2026-54904 was published for concurrent-ruby (RubyGems) Jun 19, 2026
pranjalithakur Credited to pranjalithakur
Oj: Integer Overflow in Oj.load 2GB String Handling High
CVE-2026-54903 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback High
CVE-2026-54902 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking High
CVE-2026-54901 was published for oj (RubyGems) Jun 19, 2026
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling High
CVE-2026-54900 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation High
CVE-2026-54898 was published for oj (RubyGems) Jun 19, 2026
Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close High
CVE-2026-54897 was published for oj (RubyGems) Jun 19, 2026
Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent High
CVE-2026-54896 was published for oj (RubyGems) Jun 19, 2026
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input High
CVE-2026-54592 was published for oj (RubyGems) Jun 19, 2026
7a6163 Credited to 7a6163
Oj: Stack Buffer Overflow in Oj.dump via Large Indent High
CVE-2026-54502 was published for oj (RubyGems) Jun 19, 2026
cla7aye15I4nd Credited to cla7aye15I4nd and yuhang-lab yuhang-lab yuhang-lab
Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle High
CVE-2026-54899 was published for oj (RubyGems) Jun 19, 2026
AlchemyCMS: Unauthenticated nested page API leaks restricted & unpublished content High
GHSA-mqq5-j7w8-2hgh was published for alchemy_cms (RubyGems) Jun 19, 2026
Haxset Credited to Haxset
ERB has an @_init deserialization guard bypass via def_module / def_method / def_class High
CVE-2026-41316 was published for erb (RubyGems) Apr 24, 2026
TristanInSec Credited to TristanInSec
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability High
CVE-2019-18197 was published for nokogiri (RubyGems) May 24, 2022
libxslt Type Confusion vulnerability that affects Nokogiri High
CVE-2019-13118 was published for nokogiri (RubyGems) May 24, 2022
Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections High
CVE-2026-47737 was published for puma (RubyGems) Jun 9, 2026
vxhex Credited to vxhex and nateberkopec nateberkopec nateberkopec
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion High
CVE-2026-47736 was published for puma (RubyGems) Jun 8, 2026
Pirikara Credited to Pirikara
ProTip! Advisories are also available from the GraphQL API