Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+ Low
CVE-2025-27221 was published for uri (RubyGems) Mar 3, 2025
john-halderman
Credited to john-halderman
Rack has a Possible Information Disclosure Vulnerability Moderate
CVE-2025-61780 was published for rack (RubyGems) Oct 10, 2025
leahneukirchen jeremyevans
matthewd ioquatix
Credited to leahneukirchen, jeremyevans, matthewd, and ioquatix
Moderate severity vulnerability that affects rails Moderate
CVE-2007-5379 was published for rails (RubyGems) Oct 24, 2017
katzj
Credited to katzj
Rails has possible Sensitive Session Information Leak in Active Storage Moderate
CVE-2024-26144 was published for activestorage (RubyGems) Feb 27, 2024
yoshizawa-masatoshi tyage
postmodern
Credited to yoshizawa-masatoshi, tyage, and postmodern
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183) High
CVE-2024-46987 was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
Credited to texpert
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
levpachmanov
Credited to levpachmanov
Decidim vulnerable to data disclosure through the embed feature Moderate
CVE-2024-27090 was published for decidim (RubyGems) Jul 10, 2024
Exposure of information in Action Pack High
CVE-2022-23633 was published for actionpack (RubyGems) Feb 11, 2022
byroot
Credited to byroot
Potential CSV export data leak High
CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023
emilong
Credited to emilong
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table Moderate
CVE-2015-2179 was published for xaviershay-dm-rails (RubyGems) Jan 26, 2023
Logstash Logs Sensitive Information High
CVE-2016-1000221 was published for logstash-core (RubyGems) May 14, 2022
Logstash Logs Sensitive Information Moderate
CVE-2016-10362 was published for logstash-core (RubyGems) May 13, 2022
Exposure of Sensitive Information in bio-basespace-sdk Moderate
CVE-2013-7111 was published for bio-basespace-sdk (RubyGems) Oct 24, 2017
Kcapifony gem for Ruby places database user passwords on the command line High
CVE-2014-5001 was published for kcapifony (RubyGems) Jul 23, 2018
brbackup exposes database password to unauthorized users High
CVE-2014-5004 was published for brbackup (RubyGems) Mar 5, 2018
actionpack and activesupport vulnerable to information leaks Moderate
CVE-2009-3086 was published for actionpack (RubyGems) Oct 24, 2017
jasnow
Credited to jasnow
Decidim vulnerable to sensitive data disclosure High
CVE-2023-34090 was published for decidim (RubyGems) Jul 11, 2023
p- ahukkanen
alecslupu
Credited to p-, ahukkanen, and alecslupu
newrelic_rpm Gem Discloses Sensitive Information Moderate
CVE-2013-0284 was published for newrelic_rpm (RubyGems) Oct 24, 2017
lawn-login exposes database password to unauthorized users High
CVE-2014-5000 was published for lawn-login (RubyGems) Jan 22, 2018
lynx doesn't properly sanitize user input and exposes database password to unauthorized users High
CVE-2014-5002 was published for lynx (RubyGems) Jan 24, 2018
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method High
CVE-2016-3693 was published for safemode (RubyGems) Oct 24, 2017
Sprockets path traversal leads to information leak High
CVE-2018-3760 was published for sprockets (RubyGems) Jun 20, 2018
kurt-r2c
Credited to kurt-r2c
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2015-1828 was published for http (RubyGems) Mar 13, 2018
Spree allows remote attackers to obtain sensitive information Moderate
CVE-2010-3978 was published for spree (RubyGems) May 14, 2022
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor Low
CVE-2014-1234 was published for paratrooper-newrelic (RubyGems) Oct 24, 2017
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database