GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
ruby-git has potential remote code execution vulnerability
High
CVE-2022-46648
was published
for
git
(RubyGems)
Jan 9, 2023
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
Code Injection vulnerability in CarrierWave::RMagick
High
CVE-2021-21305
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
Remote code execution via user-provided local names in ActionView
High
CVE-2020-8163
was published
for
actionview
(RubyGems)
Jul 7, 2020
Code injection in RubyGems
High
CVE-2019-8324
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
Dragonfly Code Injection vulnerability
High
CVE-2013-1756
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
Thumbshooter vulnerable to Code Injection
High
CVE-2013-1898
was published
for
thumbshooter
(RubyGems)
Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2615
was published
for
fastreader
(RubyGems)
Oct 24, 2017
Shell command injection in command_wrap
High
CVE-2013-1875
was published
for
command_wrap
(RubyGems)
Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability
High
CVE-2013-5647
was published
for
sounder
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
Curl Gem insufficient URL escaping command injection
High
CVE-2013-2617
was published
for
curl
(RubyGems)
Oct 24, 2017
sprout Arbitrary Code Execution vulnerability
High
CVE-2013-6421
was published
for
sprout
(RubyGems)
Oct 24, 2017
Webbynode Code Injection vulnerability
High
CVE-2013-7086
was published
for
webbynode
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API