Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,163
Maven
5,000+
npm
3,821
NuGet
696
pip
3,502
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

909 advisories

Loading
graphql allows remote code execution when loading a crafted GraphQL schema Critical
CVE-2025-27407 was published for graphql (RubyGems) Mar 12, 2025
yvvdwf rmosolgo
joernchen adarshan-gl
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses High
CVE-2025-25293 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) High
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) High
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue Critical
GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025
Out-of-bounds Read in Ruby JSON Parser High
CVE-2025-27788 was published for json (RubyGems) Mar 12, 2025
Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Low
GHSA-5mwf-688x-mr7x was published for nokogiri (RubyGems) Feb 19, 2025 withdrawn
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Low
GHSA-vvfq-8hwr-qm4m was published for nokogiri (RubyGems) Feb 18, 2025
Local File Inclusion in Rack::Static High
CVE-2025-27610 was published for rack (RubyGems) Mar 10, 2025
Masamuneee jeremyevans
ioquatix
REXML contains a denial of service vulnerability Moderate
CVE-2024-35176 was published for rexml (RubyGems) May 16, 2024
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection Moderate
CVE-2025-27111 was published for rack (RubyGems) Mar 4, 2025
Masamuneee ioquatix
jeremyevans
CGI has Denial of Service (DoS) potential in Cookie.parse Moderate
CVE-2025-27219 was published for cgi (RubyGems) Mar 3, 2025
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement Moderate
CVE-2025-27220 was published for cgi (RubyGems) Mar 3, 2025
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+ Low
CVE-2025-27221 was published for uri (RubyGems) Mar 3, 2025
john-halderman
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account Critical
CVE-2025-27590 was published for oxidized-web (RubyGems) Mar 3, 2025
field_test gem contains injection vulnerability Moderate
CVE-2019-13146 was published for field_test (RubyGems) Jul 16, 2019
Phusion Passenger denial of service Moderate
CVE-2025-26803 was published for passenger (RubyGems) Feb 24, 2025
ReDoS based DoS vulnerability in Action Dispatch Low
CVE-2023-22792 was published for actionpack (RubyGems) Jan 18, 2023
robertoz-01 postmodern
Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter High
CVE-2022-44566 was published for activerecord (RubyGems) Jan 18, 2023
robertoz-01 aviyam181199
G-Rath
Active Support Possibly Discloses Locally Encrypted Files Moderate
CVE-2023-38037 was published for activesupport (RubyGems) Aug 23, 2023
Possible Log Injection in Rack::CommonLogger Moderate
CVE-2025-25184 was published for rack (RubyGems) Feb 12, 2025
HexSave jeremyevans
ioquatix taketo1113 nick-f vladimir-mencl-eresearch lostapathy matthewbjones lfittl
Race condition in Endorsements Low
CVE-2023-47634 was published for decidim (RubyGems) Feb 20, 2024
microstudi alecslupu
andreslucena
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability Moderate
GHSA-g47j-3m2m-74qv was published for httparty (RubyGems) Jan 4, 2024 withdrawn
gRPC connection termination issue Moderate
CVE-2023-32732 was published for grpc (RubyGems) Jul 6, 2023
jonasfj
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database