Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

34 advisories

Loading
Code injection in Narou High
CVE-2021-35514 was published for narou (RubyGems) Jul 2, 2021
Remote code execution in Kramdown High
CVE-2021-28834 was published for kramdown (RubyGems) Mar 29, 2021
Code injection in ruby git High
CVE-2022-47318 was published for git (RubyGems) Jan 17, 2023
ruby-git has potential remote code execution vulnerability High
CVE-2022-46648 was published for git (RubyGems) Jan 9, 2023
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party Critical
CVE-2019-17268 was published for omniauth-weibo-oauth2 (RubyGems) May 24, 2022
RubyGems Code Injection vulnerability Critical
CVE-2017-0899 was published for rubygems-update (RubyGems) May 13, 2022
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
Possible code injection vulnerability in Rails / Active Storage Critical
CVE-2022-21831 was published for activestorage (RubyGems) Mar 8, 2022
sergey-alekseev
Code Injection vulnerability in CarrierWave::RMagick High
CVE-2021-21305 was published for carrierwave (RubyGems) Feb 8, 2021
wonda-tea-coffee
Bundler allows attacker to inject arbitrary code via secondary Gem source Critical
CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022
Remote code execution via user-provided local names in ActionView High
CVE-2020-8163 was published for actionview (RubyGems) Jul 7, 2020
Sup Code Injection vulnerability Moderate
CVE-2013-4479 was published for sup (RubyGems) May 17, 2022
Dragonfly contains remote code execution vulnerability Critical
CVE-2021-33564 was published for dragonfly (RubyGems) Jun 2, 2021
datagrid contains code Injection backdoor Critical
CVE-2019-14281 was published for datagrid (RubyGems) Jul 31, 2019
Publify vulnerable to code injection Moderate
CVE-2022-0578 was published for publify_core (RubyGems) May 17, 2022
Bootstrap-sass contains code execution backdoor Critical
CVE-2019-10842 was published for bootstrap-sass (RubyGems) Apr 4, 2019
Code injection in RubyGems High
CVE-2019-8324 was published for rubygems-update (RubyGems) Jun 20, 2019
Code backdoor in simple_captcha2 Critical
CVE-2019-14282 was published for simple_captcha2 (RubyGems) Jul 31, 2019
fastreader Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2615 was published for fastreader (RubyGems) Oct 24, 2017
Thumbshooter vulnerable to Code Injection High
CVE-2013-1898 was published for thumbshooter (RubyGems) Oct 24, 2017
rest-client Gem Contains Malicious Code Critical
CVE-2019-15224 was published for awesome-bot (RubyGems) Aug 20, 2019
Curl Gem insufficient URL escaping command injection High
CVE-2013-2617 was published for curl (RubyGems) Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection High
CVE-2013-2616 was published for mini_magick (RubyGems) Oct 24, 2017
Sup Code Injection vulnerability Moderate
CVE-2013-4478 was published for sup (RubyGems) May 17, 2022
Webbynode Code Injection vulnerability High
CVE-2013-7086 was published for webbynode (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database