Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

141 advisories

Loading
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
Loofah Cross-site Scripting vulnerability Moderate
CVE-2018-16468 was published for loofah (RubyGems) Nov 1, 2018
Cross-site Scripting in Chartkick Moderate
CVE-2019-12732 was published for chartkick (RubyGems) Jun 7, 2019
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7578 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
paperclip Cross-site Scripting vulnerability Moderate
CVE-2015-2963 was published for paperclip (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7580 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2015-7579 was published for rails-html-sanitizer (RubyGems) Oct 24, 2017
Cross-site Scripting in Sidekiq Moderate
CVE-2021-30151 was published for sidekiq (RubyGems) Oct 6, 2021
Cross-site scripting in padrino-contrib Moderate
CVE-2019-16145 was published for padrino-contrib (RubyGems) Sep 23, 2019
radiant vulnerable to Cross-site Scripting Moderate
CVE-2018-7261 was published for radiant (RubyGems) Jul 27, 2018
Camaleon CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2021-25969 was published for camaleon_cms (RubyGems) May 24, 2022
Ember.js Cross-site Scripting vulnerability Moderate
CVE-2014-0013 was published for ember-source (RubyGems) May 14, 2022
Cross site scripting in publify Moderate
CVE-2021-25974 was published for publify_core (RubyGems) May 24, 2022
Cross site scripting in publify Moderate
CVE-2021-25975 was published for publify_core (RubyGems) May 24, 2022
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog Moderate
CVE-2020-35305 was published for gollum (RubyGems) Jul 16, 2022
Radiant CMS vulnerable to Cross-site Scripting Moderate
CVE-2018-5216 was published for radiant (RubyGems) Jan 6, 2018
Improper neutralization of `noscript` element content may allow XSS in Sanitize Moderate
CVE-2023-23627 was published for sanitize (RubyGems) Jan 28, 2023
leeN
rails-html-sanitizer Cross-site Scripting vulnerability Moderate
CVE-2018-3741 was published for rails-html-sanitizer (RubyGems) Apr 26, 2018
Camaleon CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2018-18260 was published for camaleon_cms (RubyGems) May 13, 2022
katello Cross-site Scripting vulnerability Moderate
CVE-2018-16887 was published for katello (RubyGems) May 14, 2022
xapian-core Cross-site Scripting vulnerability Moderate
CVE-2018-0499 was published for xapian-core (RubyGems) May 14, 2022
Gem in a Box vulnerable to Cross-site Scripting Moderate
CVE-2017-14506 was published for geminabox (RubyGems) May 13, 2022
RubyGems Cross-site Scripting vulnerability Moderate
CVE-2018-1000078 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
grape subject to Cross-site Scripting Moderate
CVE-2018-3769 was published for grape (RubyGems) Aug 13, 2018
Geminabox contains Cross-site Scripting Moderate
CVE-2017-16792 was published for geminabox (RubyGems) Nov 29, 2017
ProTip! Advisories are also available from the GraphQL API