GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
101,354 advisories
Filter by severity
High severity vulnerability that affects thin
High
CVE-2009-3287
was published
for
thin
(RubyGems)
Oct 24, 2017
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
High severity vulnerability that affects rails.
High
CVE-2006-4112
was published
for
rails
(RubyGems)
Oct 24, 2017
actionpack allows remote attackers to bypass intended access restrictions
High
CVE-2011-0449
was published
for
actionpack
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2012-2695
was published
for
activerecord
(RubyGems)
Oct 24, 2017
activerecord vulnerable to SQL Injection
High
CVE-2011-2930
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Rails ActiveRecord gem vulnerable to SQL injection
High
CVE-2008-4094
was published
for
activerecord
(RubyGems)
Oct 24, 2017
Mail Gem Improper Input Validation vulnerability
High
CVE-2012-2140
was published
for
mail
(RubyGems)
Oct 24, 2017
Keystone is vulnerable to CSV injection
High
CVE-2017-15879
was published
for
keystone
(npm)
Nov 16, 2017
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
High
CVE-2014-9489
was published
for
gollum
(RubyGems)
Nov 16, 2017
Ox gem crashes due to a crafted input
High
CVE-2017-15928
was published
for
ox
(RubyGems)
Nov 21, 2017
Potential Command Injection in codem-transcode
High
CVE-2013-7377
was published
for
codem-transcode
(npm)
Nov 28, 2017
yajl-ruby gem Denial of Service vulnerability
High
CVE-2017-16516
was published
for
yajl-ruby
(RubyGems)
Nov 28, 2017
Cross-Site Request Forgery (CSRF) in keystone
High
CVE-2017-16570
was published
for
keystone
(npm)
Nov 30, 2017
private_address_check contains Incomplete List of Disallowed Inputs
High
CVE-2017-0909
was published
for
private_address_check
(RubyGems)
Nov 30, 2017
Next.js Directory Traversal Vulnerability
High
CVE-2017-16877
was published
for
next
(npm)
Dec 5, 2017
Out-of-bounds read in nokogiri
High
CVE-2017-9050
was published
for
nokogiri
(RubyGems)
Dec 13, 2017
auth0-js Privilege Escalation Vulnerability
High
CVE-2017-17068
was published
for
auth0-js
(npm)
Dec 21, 2017
Arbitrary file read vulnerability in yard server
High
CVE-2017-17042
was published
for
yard
(RubyGems)
Dec 21, 2017
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2
High
GHSA-7fpw-cfc4-3p2c
was published
for
passport-wsfed-saml2
(npm)
Dec 28, 2017
•
withdrawn
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
High
CVE-2017-1000452
was published
for
samlify
(npm)
Jan 4, 2018
lawn-login exposes database password to unauthorized users
High
CVE-2014-5000
was published
for
lawn-login
(RubyGems)
Jan 22, 2018
ProTip!
Advisories are also available from the
GraphQL API