Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

504 advisories

Loading
Net::IMAP: Command Injection via ID command argument Moderate
CVE-2026-47242 was published for net-imap (RubyGems) Jun 9, 2026
nevans Credited to nevans
Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument Moderate
CVE-2026-47240 was published for net-imap (RubyGems) Jun 9, 2026
nevans Credited to nevans
Doorkeeper Openid Connect: Dynamic Client Registration feature creates public clients with client_secret Moderate
CVE-2026-44476 was published for doorkeeper-openid_connect (RubyGems) Jun 4, 2026
55728 Credited to 55728
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters Moderate
CVE-2026-44587 was published for carrierwave (RubyGems) May 27, 2026
snoopysecurity Credited to snoopysecurity and bilerden bilerden bilerden
Uninitialized read in Nokogiri gem Moderate
CVE-2019-13117 was published for nokogiri (RubyGems) May 24, 2022
view_component: System Test Entry Point Path Check Allows Sibling Directory Escape Moderate
CVE-2026-44837 was published for view_component (RubyGems) May 8, 2026
cyberlanc3r Credited to cyberlanc3r
view_component: Preview Route Can Dispatch Inherited Helper Methods Moderate
CVE-2026-44836 was published for view_component (RubyGems) May 8, 2026
cyberlanc3r Credited to cyberlanc3r
CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content Moderate
CVE-2026-44312 was published for css_parser (RubyGems) May 7, 2026
JLLeitschuh Credited to JLLeitschuh
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 Credited to tdunlap607 and 1Jesper1 1Jesper1 1Jesper1
Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption Moderate
CVE-2026-27820 was published for zlib (RubyGems) Apr 16, 2026
Spree: CSV Formula Injection in Customer Export Moderate
GHSA-xf4v-w5x5-pv79 was published for spree (RubyGems) Jun 4, 2026
StarPlatinu Credited to StarPlatinu
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
flavorjones Credited to flavorjones and jasnow jasnow jasnow
Katello: Denial of Service and potential information disclosure via SQL injection Moderate
CVE-2026-4324 was published for katello (RubyGems) Mar 17, 2026
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender Moderate
CVE-2026-42086 was published for openc3 (RubyGems) Apr 22, 2026
ctrlsill Credited to ctrlsill
Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL Moderate
CVE-2025-67202 was published for sidekiq-cron (RubyGems) May 7, 2026
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames Moderate
CVE-2026-42085 was published for openc3 (RubyGems) Apr 22, 2026
ctrlsill Credited to ctrlsill
yard: Possible arbitrary path traversal and file access via yard server Moderate
CVE-2026-41493 was published for yard (RubyGems) Apr 17, 2026
Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler Moderate
CVE-2026-40295 was published for devise (RubyGems) May 8, 2026
offset Credited to offset
net-imap vulnerable to command Injection via unvalidated Symbol inputs Moderate
CVE-2026-42258 was published for net-imap (RubyGems) May 4, 2026
manunio Credited to manunio
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication Moderate
CVE-2026-42256 was published for net-imap (RubyGems) May 4, 2026
Masamuneee Credited to Masamuneee
rdiscount has an Out-of-bounds Read Moderate
CVE-2026-35201 was published for rdiscount (RubyGems) Apr 6, 2026
WesR Credited to WesR
Rack::Request accepts invalid Host characters, enabling host allowlist bypass Moderate
CVE-2026-34835 was published for rack (RubyGems) Apr 2, 2026
th4s1s Credited to th4s1s, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
Rack has Content-Length mismatch in Rack::Files error responses Moderate
CVE-2026-34831 was published for rack (RubyGems) Apr 2, 2026
Oblivionsage Credited to Oblivionsage, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect Moderate
CVE-2026-34830 was published for rack (RubyGems) Apr 2, 2026
mzfr Credited to mzfr, jeremyevans, and ioquatix jeremyevans jeremyevans
ioquatix ioquatix
Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory Moderate
CVE-2026-34763 was published for rack (RubyGems) Apr 2, 2026
harukioya Credited to harukioya, ioquatix, and jeremyevans ioquatix ioquatix
jeremyevans jeremyevans
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database