Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,253
Maven
5,000+
npm
3,906
NuGet
704
pip
3,678
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

111 advisories

Loading
Bundler allows attacker to inject arbitrary code via secondary Gem source Critical
CVE-2016-7954 was published for bundler (RubyGems) May 14, 2022
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) Critical
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment Critical
CVE-2025-2304 was published for camaleon_cms (RubyGems) Mar 14, 2025
Code injection in pdf_info Critical
CVE-2022-36231 was published for pdf_info (RubyGems) Feb 24, 2023
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue Critical
GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account Critical
CVE-2025-27590 was published for oxidized-web (RubyGems) Mar 3, 2025
Prototype Pollution in handlebars Critical
CVE-2019-19919 was published for bootstrap-wysihtml5-rails (RubyGems) Dec 26, 2019
ruby-saml vulnerable to XPath injection Critical
CVE-2015-20108 was published for ruby-saml (RubyGems) May 27, 2023
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions Critical
CVE-2019-17383 was published for netaddr (RubyGems) Oct 14, 2019
stuarthannig
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Command Injection in sequenceserver Critical
CVE-2024-42360 was published for sequenceserver (RubyGems) Aug 13, 2024
drpowell tadast
StringIO buffer overread vulnerability Critical
CVE-2024-27280 was published for stringio (RubyGems) Mar 25, 2024
Katello uses hard coded credential Critical
CVE-2012-3503 was published for katello (RubyGems) May 17, 2022
postmodern
discordrb OS Command Injection vulnerability Critical
CVE-2023-28102 was published for discordrb (RubyGems) Mar 14, 2024
rails vulnerable to improper authentication Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
Buffer overrun in CGI.escape_html Critical
CVE-2021-41816 was published for cgi (RubyGems) Dec 14, 2021
kir-b
Possible shell escape sequence injection vulnerability in Rack Critical
CVE-2022-30123 was published for rack (RubyGems) May 27, 2022
kurt-r2c
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution Critical
CVE-2013-2513 was published for flash_tool (RubyGems) Jan 26, 2023
Puppet Improper Access Control Critical
CVE-2016-2785 was published for puppet (RubyGems) May 13, 2022
Server-Side Template Injection in Camaleon CMS Critical
CVE-2023-30145 was published for camaleon_cms (RubyGems) May 26, 2023
Puppet Bolt privilege escalation vulnerability Critical
CVE-2023-5214 was published for bolt (RubyGems) Oct 6, 2023
md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename Critical
CVE-2013-1948 was published for md2pdf (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database