Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
activesupport vulnerable to Denial of Service via large XML document depth Moderate
CVE-2015-3227 was published for activesupport (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
SQL Injection in Active Record High
CVE-2014-3482 was published for activerecord (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
Active Record contains SQL Injection High
CVE-2012-6496 was published for activerecord (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
actionpack Cross-site Scripting vulnerability Moderate
CVE-2012-3465 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry levpachmanov
Credited to ShayAry and levpachmanov
activesupport Cross-site Scripting vulnerability Moderate
CVE-2012-3464 was published for activesupport (RubyGems) Oct 24, 2017
tdunlap607 levpachmanov
Credited to tdunlap607 and levpachmanov
activerecord vulnerable to SQL Injection High
CVE-2012-2695 was published for activerecord (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry levpachmanov
Credited to ShayAry and levpachmanov
Action Pack contains database-query restrictions bypass Moderate
CVE-2012-2660 was published for actionpack (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request Moderate
CVE-2012-2694 was published for actionpack (RubyGems) Oct 24, 2017
levpachmanov
Credited to levpachmanov
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2019-1010266 was published for lodash (RubyGems) Jul 19, 2019
mitchell-codecov G-Rath
levpachmanov
Credited to mitchell-codecov, G-Rath, and levpachmanov
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
levpachmanov
Credited to levpachmanov
Prototype Pollution in immer High
CVE-2020-28477 was published for immer (npm) Jan 20, 2021
levpachmanov
Credited to levpachmanov
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning High
CVE-2021-32803 was published for tar (npm) Aug 3, 2021
ginkoid chen-robert
levpachmanov
Credited to ginkoid, chen-robert, and levpachmanov
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37712 was published for tar (npm) Aug 31, 2021
JarLob chen-robert
ginkoid levpachmanov
Credited to JarLob, chen-robert, ginkoid, and levpachmanov
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links High
CVE-2021-37701 was published for tar (npm) Aug 31, 2021
chen-robert ginkoid
levpachmanov
Credited to chen-robert, ginkoid, and levpachmanov
Prototype Pollution in immer Critical
CVE-2021-23436 was published for immer (npm) Sep 2, 2021
levpachmanov
Credited to levpachmanov
Prototype Pollution in immer High
CVE-2021-3757 was published for immer (npm) Sep 7, 2021
levpachmanov
Credited to levpachmanov
Improper Input Validation in Jakarta Expression Language Moderate
CVE-2021-28170 was published for com.sun.el:el-ri (Maven) Oct 6, 2021
levpachmanov
Credited to levpachmanov
Regular Expression Denial of Service (ReDoS) in lodash Moderate
CVE-2020-28500 was published for lodash (RubyGems) Jan 6, 2022
mitchell-codecov nitaiapiiro
DmitriyLewen jkmartindale G-Rath levpachmanov
Credited to mitchell-codecov, nitaiapiiro, DmitriyLewen, jkmartindale, G-Rath, and levpachmanov
Cross site scripting in actionpack Rubygem Moderate
CVE-2011-1497 was published for actionpack (RubyGems) Apr 22, 2022
jhutchings1 jasnow
levpachmanov
Credited to jhutchings1, jasnow, and levpachmanov
Improper Neutralization of Special Elements used in a Command in Shell-quote Critical
CVE-2021-42740 was published for shell-quote (npm) May 24, 2022
MyTrueWallet kurt-r2c
jwilk levpachmanov
Credited to MyTrueWallet, kurt-r2c, jwilk, and levpachmanov
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
sunSUNQ levpachmanov
G-Rath
Credited to sunSUNQ, levpachmanov, and G-Rath
hoek subject to prototype pollution via the clone function. High
CVE-2020-36604 was published for @hapi/hoek (npm) Sep 25, 2022
levpachmanov
Credited to levpachmanov
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3509 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Credited to levpachmanov
Protobuf Java vulnerable to Uncontrolled Resource Consumption High
CVE-2022-3510 was published for com.google.protobuf:protobuf-java (Maven) Dec 12, 2022
levpachmanov
Credited to levpachmanov
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database