GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
293 advisories
Filter by severity
Uncontrolled Recursion in Loofah
High
CVE-2022-23516
was published
for
loofah
(RubyGems)
Dec 13, 2022
Inefficient Regular Expression Complexity in Loofah
High
CVE-2022-23514
was published
for
loofah
(RubyGems)
Dec 13, 2022
Unchecked return value from xmlTextReaderExpand
High
CVE-2022-23476
was published
for
nokogiri
(RubyGems)
Dec 8, 2022
Sinatra vulnerable to Reflected File Download attack
High
CVE-2022-45442
was published
for
sinatra
(RubyGems)
Nov 30, 2022
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
High
CVE-2022-39224
was published
for
arr-pm
(RubyGems)
Sep 21, 2022
Pageflow vulnerable to insecure direct object reference in membership update endpoint
High
GHSA-qcqv-38jg-2r43
was published
for
pageflow
(RubyGems)
Sep 15, 2022
Pageflow vulnerable to sensitive user data extraction via Ransack query injection
High
GHSA-wrrw-crp8-979q
was published
for
pageflow
(RubyGems)
Sep 15, 2022
TZInfo relative path traversal vulnerability allows loading of arbitrary files
High
CVE-2022-31163
was published
for
tzinfo
(RubyGems)
Jul 21, 2022
opensearch-ruby 2.x before 2.0.2 vulnerable to unsafe YAML deserialization
High
CVE-2022-31115
was published
for
opensearch-ruby
(RubyGems)
Jul 5, 2022
Denial of Service Vulnerability in Rack Multipart Parsing
High
CVE-2022-30122
was published
for
rack
(RubyGems)
May 27, 2022
Camaleon CMS Insufficient Session Expiration vulnerability
High
CVE-2021-25970
was published
for
camaleon_cms
(RubyGems)
May 24, 2022
Nokogiri has vulnerable dependencies on libxml2 and libxslt
High
CVE-2021-30560
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri contains libxml Out-of-bounds Write vulnerability
High
CVE-2021-3517
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri Implements libxml2 version vulnerable to use-after-free
High
CVE-2021-3518
was published
for
nokogiri
(RubyGems)
May 24, 2022
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
High
CVE-2020-7385
was published
for
metasploit-framework
(RubyGems)
May 24, 2022
WEBRick vulnerable to HTTP Request/Response Smuggling
High
CVE-2020-25613
was published
for
webrick
(RubyGems)
May 24, 2022
Nokogiri implementation of libxslt vulnerable to heap corruption
High
CVE-2019-5815
was published
for
nokogiri
(RubyGems)
May 24, 2022
Missing Initialization of Resource in Apache Arrow
High
CVE-2019-12408
was published
for
pyarrow
(RubyGems)
May 24, 2022
Missing Initialization of Resource in Apache Arrow
High
CVE-2019-12410
was published
for
pyarrow
(RubyGems)
May 24, 2022
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
High
CVE-2019-18197
was published
for
nokogiri
(RubyGems)
May 24, 2022
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
High
CVE-2019-7615
was published
for
elastic-apm
(RubyGems)
May 24, 2022
libxslt Type Confusion vulnerability that affects Nokogiri
High
CVE-2019-13118
was published
for
nokogiri
(RubyGems)
May 24, 2022
Uninitialized read in Nokogiri gem
High
CVE-2019-13117
was published
for
nokogiri
(RubyGems)
May 24, 2022
Nokogiri Improperly Handles Unexpected Data Type
High
CVE-2022-29181
was published
for
nokogiri
(RubyGems)
May 23, 2022
ProTip!
Advisories are also available from the
GraphQL API