GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
425 advisories
Filter by severity
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Moderate
CVE-2024-45594
was published
for
decidim-meetings
(RubyGems)
Nov 13, 2024
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Moderate
CVE-2024-39316
was published
for
rack
(RubyGems)
Jul 3, 2024
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Moderate
CVE-2024-21510
was published
for
sinatra
(RubyGems)
Nov 1, 2024
Possible ReDoS vulnerability in block_format in Action Mailer
Moderate
CVE-2024-47889
was published
for
actionmailer
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Moderate
CVE-2024-47888
was published
for
actiontext
(RubyGems)
Oct 15, 2024
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Moderate
CVE-2024-47887
was published
for
actionpack
(RubyGems)
Oct 15, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
MPXJ has a Potential Path Traversal Vulnerability
Moderate
CVE-2024-49771
was published
for
MPXJ.Net
(RubyGems)
Oct 28, 2024
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
camaleon_cms affected by cross site scripting
Moderate
CVE-2024-48652
was published
for
camaleon_cms
(RubyGems)
Oct 23, 2024
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Moderate
CVE-2024-41128
was published
for
actionpack
(RubyGems)
Oct 15, 2024
Cross-Site Scripting in jquery
Moderate
CVE-2020-7656
was published
for
jQuery
(RubyGems)
May 20, 2020
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-75j2-9gmc-m855
was published
for
camaleon_cms
(RubyGems)
Sep 25, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-8fx8-3rg2-79xw
was published
for
camaleon_cms
(RubyGems)
Sep 23, 2024
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
CVE-2024-8796
was published
for
devise-two-factor
(RubyGems)
Sep 17, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Moderate
CVE-2024-39910
was published
for
decidim
(RubyGems)
Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Moderate
CVE-2024-32034
was published
for
decidim-admin
(RubyGems)
Sep 16, 2024
Cross Site Scripting vulnerability in Contribsys Sidekiq
Moderate
CVE-2023-46950
was published
for
sidekiq-unique-jobs
(RubyGems)
Mar 1, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
ProTip!
Advisories are also available from the
GraphQL API