GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
Net::IMAP: Denial of Service via incomplete raw argument validation
Low
CVE-2026-47241
was published
for
net-imap
(RubyGems)
Jun 9, 2026
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
Low
CVE-2024-39311
was published
for
publify_core
(RubyGems)
Mar 28, 2025
fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`
Low
CVE-2026-44162
was published
for
fluent-plugin-s3
(RubyGems)
Jun 26, 2026
Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Low
CVE-2026-54906
was published
for
concurrent-ruby
(RubyGems)
Jun 19, 2026
Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
Low
CVE-2026-54905
was published
for
concurrent-ruby
(RubyGems)
Jun 19, 2026
Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
Low
GHSA-phwj-rprq-35pp
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
Nokogiri: Possible Use-After-Free in XInclude Processing
Low
GHSA-wfpw-mmfh-qq69
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
Low
GHSA-p67v-3w7g-wjg7
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
Low
GHSA-wjv4-x9w8-wm3h
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
Low
GHSA-9cv2-cfxc-v4v2
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
Low
GHSA-8678-w3jw-xfc2
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
Low
GHSA-5v8h-3h3q-446p
was published
for
nokogiri
(RubyGems)
Jun 19, 2026
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
Low
CVE-2026-33637
was published
for
faraday
(RubyGems)
May 18, 2026
net-imap has quadratic complexity when reading response literals
Low
CVE-2026-42245
was published
for
net-imap
(RubyGems)
May 4, 2026
Rails has a possible XSS vulnerability in its Action View tag helpers
Low
CVE-2026-33168
was published
for
actionview
(RubyGems)
Mar 23, 2026
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Low
CVE-2026-33167
was published
for
actionpack
(RubyGems)
Mar 23, 2026
Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Low
CVE-2026-33658
was published
for
activestorage
(RubyGems)
Mar 25, 2026
URI Credential Leakage Bypass over CVE-2025-27221
Low
CVE-2025-61594
was published
for
uri
(RubyGems)
Dec 30, 2025
Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID
Low
GHSA-9pm8-vwc5-w2hm
was published
for
fat_free_crm
(RubyGems)
Apr 14, 2026
Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)
Low
GHSA-53p3-c7vp-4mcc
was published
for
action_text-trix
(RubyGems)
Mar 29, 2026
Loofah has improper detection of disallowed URIs via `allowed_uri?`
Low
GHSA-2j22-pr5w-6gq8
was published
for
loofah
(RubyGems)
Mar 26, 2026
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Low
CVE-2024-26142
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Improper detection of disallowed URIs by Loofah `allowed_uri?`
Low
GHSA-46fp-8f5p-pf2m
was published
for
loofah
(RubyGems)
Mar 18, 2026
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Low
CVE-2024-26146
was published
for
rack
(RubyGems)
Feb 28, 2024
Rack has possible DoS Vulnerability with Range Header
Low
CVE-2024-26141
was published
for
rack
(RubyGems)
Feb 28, 2024
ProTip!
Advisories are also available from the
GraphQL API