GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Server-Side Template Injection in Camaleon CMS
Critical
CVE-2023-30145
was published
for
camaleon_cms
(RubyGems)
May 26, 2023
Dragonfly Code Injection vulnerability
High
CVE-2013-1756
was published
for
dragonfly
(RubyGems)
Oct 24, 2017
Ruby on Rails vulnerable to code injection
High
CVE-2006-4111
was published
for
rails
(RubyGems)
Oct 24, 2017
Sounder Contains Arbitrary Command Execution Vulnerability
High
CVE-2013-5647
was published
for
sounder
(RubyGems)
Oct 24, 2017
Shell command injection in command_wrap
High
CVE-2013-1875
was published
for
command_wrap
(RubyGems)
Oct 24, 2017
actionpack CRLF injection vulnerability
Moderate
CVE-2011-3186
was published
for
actionpack
(RubyGems)
Oct 24, 2017
sprout Arbitrary Code Execution vulnerability
High
CVE-2013-6421
was published
for
sprout
(RubyGems)
Oct 24, 2017
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Critical
CVE-2019-13354
was published
for
strong_password
(RubyGems)
Jul 8, 2019
Webbynode Code Injection vulnerability
High
CVE-2013-7086
was published
for
webbynode
(RubyGems)
Oct 24, 2017
Sup Code Injection vulnerability
Moderate
CVE-2013-4478
was published
for
sup
(RubyGems)
May 17, 2022
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2616
was published
for
mini_magick
(RubyGems)
Oct 24, 2017
Curl Gem insufficient URL escaping command injection
High
CVE-2013-2617
was published
for
curl
(RubyGems)
Oct 24, 2017
rest-client Gem Contains Malicious Code
Critical
CVE-2019-15224
was published
for
awesome-bot
(RubyGems)
Aug 20, 2019
Thumbshooter vulnerable to Code Injection
High
CVE-2013-1898
was published
for
thumbshooter
(RubyGems)
Oct 24, 2017
fastreader Gem for Ruby URI Handling Arbitrary Command Injection
High
CVE-2013-2615
was published
for
fastreader
(RubyGems)
Oct 24, 2017
Code backdoor in simple_captcha2
Critical
CVE-2019-14282
was published
for
simple_captcha2
(RubyGems)
Jul 31, 2019
Code injection in RubyGems
High
CVE-2019-8324
was published
for
rubygems-update
(RubyGems)
Jun 20, 2019
Bootstrap-sass contains code execution backdoor
Critical
CVE-2019-10842
was published
for
bootstrap-sass
(RubyGems)
Apr 4, 2019
Publify vulnerable to code injection
Moderate
CVE-2022-0578
was published
for
publify_core
(RubyGems)
May 17, 2022
datagrid contains code Injection backdoor
Critical
CVE-2019-14281
was published
for
datagrid
(RubyGems)
Jul 31, 2019
Dragonfly contains remote code execution vulnerability
Critical
CVE-2021-33564
was published
for
dragonfly
(RubyGems)
Jun 2, 2021
Sup Code Injection vulnerability
Moderate
CVE-2013-4479
was published
for
sup
(RubyGems)
May 17, 2022
Remote code execution via user-provided local names in ActionView
High
CVE-2020-8163
was published
for
actionview
(RubyGems)
Jul 7, 2020
Bundler allows attacker to inject arbitrary code via secondary Gem source
Critical
CVE-2016-7954
was published
for
bundler
(RubyGems)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API