GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Remote code execution in Kramdown
High
CVE-2021-28834
was published
for
kramdown
(RubyGems)
Mar 29, 2021
ruby-git has potential remote code execution vulnerability
High
CVE-2022-46648
was published
for
git
(RubyGems)
Jan 9, 2023
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Critical
CVE-2019-17268
was published
for
omniauth-weibo-oauth2
(RubyGems)
May 24, 2022
RubyGems Code Injection vulnerability
Critical
CVE-2017-0899
was published
for
rubygems-update
(RubyGems)
May 13, 2022
Code injection in pdf_info
Critical
CVE-2022-36231
was published
for
pdf_info
(RubyGems)
Feb 24, 2023
Possible code injection vulnerability in Rails / Active Storage
Critical
CVE-2022-21831
was published
for
activestorage
(RubyGems)
Mar 8, 2022
Code Injection vulnerability in CarrierWave::RMagick
High
CVE-2021-21305
was published
for
carrierwave
(RubyGems)
Feb 8, 2021
Bundler allows attacker to inject arbitrary code via secondary Gem source
Critical
CVE-2016-7954
was published
for
bundler
(RubyGems)
May 14, 2022
Remote code execution via user-provided local names in ActionView
High
CVE-2020-8163
was published
for
actionview
(RubyGems)
Jul 7, 2020
Sup Code Injection vulnerability
Moderate
CVE-2013-4479
was published
for
sup
(RubyGems)
May 17, 2022
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
datagrid contains code Injection backdoor
Critical
CVE-2019-14281
was published
for
datagrid
(RubyGems)
Jul 31, 2019
Publify vulnerable to code injection
Moderate
CVE-2022-0578
was published
for
publify_core
(RubyGems)
May 17, 2022
Bootstrap-sass contains code execution backdoor
Critical
CVE-2019-10842
was published
for
bootstrap-sass
(RubyGems)
Apr 4, 2019
Code injection in RubyGems
High
CVE-2019-8324
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Code backdoor in simple_captcha2
Critical
CVE-2019-14282
was published
for
simple_captcha2
(RubyGems)
Jul 31, 2019
fastreader Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2615
was published
for
fastreader
(RubyGems)
Oct 24, 2017
Thumbshooter vulnerable to Code Injection
High
CVE-2013-1898
was published
for
thumbshooter
(RubyGems)
Oct 24, 2017
rest-client Gem Contains Malicious Code
Critical
CVE-2019-15224
was published
for
awesome-bot
(RubyGems)
Aug 20, 2019
Curl Gem insufficient URL escaping command injection
High
CVE-2013-2617
was published
for
curl
(RubyGems)
Oct 24, 2017
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
Sup Code Injection vulnerability
Moderate
CVE-2013-4478
was published
for
sup
(RubyGems)
May 17, 2022
Webbynode Code Injection vulnerability
High
CVE-2013-7086
was published
for
webbynode
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API