GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

852 advisories

request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath
REXML denial of service vulnerability Moderate
CVE-2024-43398 was published for rexml (RubyGems) Aug 22, 2024
fugit parse and parse_nat stall on lengthy input Moderate
CVE-2024-43380 was published for fugit (RubyGems) Aug 19, 2024
personnumber3377 bensheldon
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
REXML DoS vulnerability Moderate
CVE-2024-41946 was published for rexml (RubyGems) Aug 2, 2024
naitoh
REXML DoS vulnerability Moderate
CVE-2024-41123 was published for rexml (RubyGems) Aug 1, 2024
Cross-Site Request Forgery in Spina Moderate
CVE-2024-7106 was published for spina (RubyGems) Jul 25, 2024
REXML denial of service vulnerability Moderate
CVE-2024-39908 was published for rexml (RubyGems) Jul 16, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Decidim cross-site scripting (XSS) in the admin panel Moderate
CVE-2024-27095 was published for decidim-admin (RubyGems) Jul 10, 2024
Decidim cross-site scripting (XSS) in the pagination High
CVE-2024-32469 was published for decidim (RubyGems) Jul 10, 2024
PatrickHimler
Decidim vulnerable to data disclosure through the embed feature Moderate
CVE-2024-27090 was published for decidim (RubyGems) Jul 10, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
mshibuya
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing Moderate
CVE-2024-39316 was published for rack (RubyGems) Jul 3, 2024
dwisiswant0
Missing security headers in Action Pack on non-HTML responses Moderate
CVE-2024-28103 was published for actionpack (RubyGems) Jun 4, 2024
shinkbr
ActionText ContentAttachment can Contain Unsanitized HTML Moderate
CVE-2024-32464 was published for actiontext (RubyGems) Jun 4, 2024
ooooooo-q
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends High
CVE-2024-37031 was published for activeadmin (RubyGems) Jun 2, 2024
aoprea1982
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024 withdrawn
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r95h-9x8f-r3f7 was published for nokogiri (RubyGems) May 13, 2024
CommanderStorm postmodern
Trix Editor Arbitrary Code Execution Vulnerability Moderate
CVE-2024-34341 was published for actiontext (RubyGems) May 7, 2024
chadlwilson