GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Decidim vulnerable to data disclosure through the embed feature
Moderate
CVE-2024-27090
was published
for
decidim
(RubyGems)
Jul 10, 2024
Rails has possible Sensitive Session Information Leak in Active Storage
Moderate
CVE-2024-26144
was published
for
activestorage
(RubyGems)
Feb 27, 2024
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Potential CSV export data leak
High
CVE-2023-50448
was published
for
activeadmin
(RubyGems)
Dec 15, 2023
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Moderate
CVE-2015-2179
was published
for
xaviershay-dm-rails
(RubyGems)
Jan 26, 2023
Logstash Logs Sensitive Information
High
CVE-2016-1000221
was published
for
logstash-core
(RubyGems)
May 14, 2022
Logstash Logs Sensitive Information
Moderate
CVE-2016-10362
was published
for
logstash-core
(RubyGems)
May 13, 2022
Exposure of Sensitive Information in bio-basespace-sdk
Moderate
CVE-2013-7111
was published
for
bio-basespace-sdk
(RubyGems)
Oct 24, 2017
Kcapifony gem for Ruby places database user passwords on the command line
High
CVE-2014-5001
was published
for
kcapifony
(RubyGems)
Jul 23, 2018
brbackup exposes database password to unauthorized users
High
CVE-2014-5004
was published
for
brbackup
(RubyGems)
Mar 5, 2018
Moderate severity vulnerability that affects rails
Moderate
CVE-2007-5379
was published
for
rails
(RubyGems)
Oct 24, 2017
actionpack and activesupport vulnerable to information leaks
Moderate
CVE-2009-3086
was published
for
actionpack
(RubyGems)
Oct 24, 2017
Decidim vulnerable to sensitive data disclosure
High
CVE-2023-34090
was published
for
decidim
(RubyGems)
Jul 11, 2023
newrelic_rpm Gem Discloses Sensitive Information
Moderate
CVE-2013-0284
was published
for
newrelic_rpm
(RubyGems)
Oct 24, 2017
lawn-login exposes database password to unauthorized users
High
CVE-2014-5000
was published
for
lawn-login
(RubyGems)
Jan 22, 2018
lynx doesn't properly sanitize user input and exposes database password to unauthorized users
High
CVE-2014-5002
was published
for
lynx
(RubyGems)
Jan 24, 2018
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method
High
CVE-2016-3693
was published
for
safemode
(RubyGems)
Oct 24, 2017
Sprockets path traversal leads to information leak
High
CVE-2018-3760
was published
for
sprockets
(RubyGems)
Jun 20, 2018
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2015-1828
was published
for
http
(RubyGems)
Mar 13, 2018
Spree allows remote attackers to obtain sensitive information
Moderate
CVE-2010-3978
was published
for
spree
(RubyGems)
May 14, 2022
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Low
CVE-2014-1234
was published
for
paratrooper-newrelic
(RubyGems)
Oct 24, 2017
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
Moderate
CVE-2015-1840
was published
for
jquery-rails
(RubyGems)
Oct 24, 2017
Puma used with Rails may lead to Information Exposure
High
CVE-2022-23634
was published
for
puma
(RubyGems)
Feb 11, 2022
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
ProTip!
Advisories are also available from the
GraphQL API